The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-6932 - A vulnerability was found in ClassCMS 4.5. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/?action=home&do=shop:index&keyword=&kind=all. The manipulation of the argument order lead...
    Published: July 20, 2024; 6:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-6934 - A vulnerability classified as problematic has been found in formtools.org Form Tools 3.1.1. This affects an unknown part of the file /admin/forms/add/step2.php?submission_type=direct. The manipulation of the argument Form URL leads to cross site s...
    Published: July 20, 2024; 10:15:02 PM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2024-6935 - A vulnerability classified as problematic was found in formtools.org Form Tools 3.1.1. This vulnerability affects unknown code of the file /admin/clients/ of the component User Settings Page. The manipulation leads to cross site scripting. The att...
    Published: July 20, 2024; 11:15:02 PM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2024-6940 - A vulnerability was found in DedeCMS 5.7.114. It has been classified as critical. This affects an unknown part of the file article_template_rand.php. The manipulation leads to code injection. It is possible to initiate the attack remotely. The exp...
    Published: July 21, 2024; 2:15:04 AM -0400

    V3.1: 7.2 HIGH

  • CVE-2023-32467 - Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to...
    Published: July 09, 2024; 11:15:01 PM -0400

    V3.1: 8.2 HIGH

  • CVE-2024-6898 - A vulnerability was found in SourceCodester Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument UserName leads to sql injection. It is possible to i...
    Published: July 19, 2024; 12:15:05 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-40629 - JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the An...
    Published: July 18, 2024; 1:15:04 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-40628 - JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the an...
    Published: July 18, 2024; 1:15:04 PM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2024-8604 - A vulnerability classified as problematic has been found in SourceCodester Online Food Ordering System 2.0. This affects an unknown part of the file index.php of the component Create an Account Page. The manipulation of the argument First Name/Las...
    Published: September 09, 2024; 12:15:03 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-39911 - 1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts. Users are advised to upgrade. There are no known workarounds f...
    Published: July 18, 2024; 12:15:07 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-39907 - 1Panel is a web-based linux server management control panel. There are many sql injections in the project, and some of them are not well filtered, leading to arbitrary file writes, and ultimately leading to RCEs. These sql injections have been res...
    Published: July 18, 2024; 12:15:07 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-42287 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early within lock A crash was observed while performing NPIV and FW reset, BUG: kernel NULL pointer dereference, address: 000000000000001c #PF...
    Published: August 17, 2024; 5:15:09 AM -0400

    V3.1: 4.7 MEDIUM

  • CVE-2024-42286 - In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: validate nvme_local_port correctly The driver load failed with error message, qla2xxx [0000:04:00.0]-ffff:0: register_localport failed: ret=ffffffef and with a ...
    Published: August 17, 2024; 5:15:09 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-44410 - D-Link DI-8300 v16.07.26A1 is vulnerable to command injection via the upgrade_filter_asp function.
    Published: September 09, 2024; 5:15:11 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-23465 - The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment.  
    Published: July 17, 2024; 11:15:10 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-42344 - A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could al...
    Published: September 10, 2024; 6:15:12 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-42345 - A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP2). The affected application does not properly handle user session establishment and invalidation. This could allow a remote attacker to circumvent the addi...
    Published: September 10, 2024; 6:15:12 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-28074 - It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability.
    Published: July 17, 2024; 11:15:13 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-42277 - In the Linux kernel, the following vulnerability has been resolved: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en In sprd_iommu_cleanup() before calling function sprd_iommu_hw_en() dom->sdev is equal to NULL, which leads to null dereference....
    Published: August 17, 2024; 5:15:08 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-32472 - Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some code in System Manage...
    Published: July 09, 2024; 11:15:02 PM -0400

    V3.1: 8.2 HIGH

Created September 20, 2022, Updated August 27, 2024