The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2023-33788 - A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33789 - A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33790 - A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33791 - A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33792 - A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33793 - A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33794 - A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33795 - A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33796 - A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2023-33797 - A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33798 - A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33799 - A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:11 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33800 - A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:11 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33787 - A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33786 - A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-33785 - A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
    Published: May 24, 2023; 4:15:10 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-31708 - A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands by supplying a crafted HTML file to the Upload software format function.
    Published: May 22, 2023; 9:15:09 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2022-36328 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could allow an attacker to create arbitrary shares on arbitrary directories and exfiltrate sensitive files, passwords, users and device configuration... read CVE-2022-36328
    Published: May 18, 2023; 2:15:09 PM -0400

    V3.1: 4.9 MEDIUM

  • CVE-2023-2587 - Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. An attacker with the MAC address and serial number of a connected device could send a maliciou... read CVE-2023-2587
    Published: May 22, 2023; 12:15:09 PM -0400

    V3.1: 8.3 HIGH

  • CVE-2023-31066 - Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.6.0. Different users in InLong could delete, edit, stop, and start others' sources... read CVE-2023-31066
    Published: May 22, 2023; 12:15:10 PM -0400

    V3.1: 9.1 CRITICAL