The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2022-39035 - Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.
    Published: September 28, 2022; 12:15:15 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2022-35242 - Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress.
    Published: August 23, 2022; 12:15:10 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2021-3800 - A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.
    Published: August 23, 2022; 12:15:09 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-38668 - HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB.
    Published: August 22, 2022; 4:15:08 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-36633 - Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in...
    Published: August 24, 2022; 9:15:08 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2017-20147 - In the ebuild package through smokeping-2.7.3-r1 for SmokePing on Gentoo, the initscript uses a PID file that is writable by the smokeping user. By writing arbitrary PIDs to that file, the smokeping user can cause a denial of service to arbitrary ...
    Published: September 20, 2022; 2:15:09 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-38339 - Safe Software FME Server v2021.2.5, v2022.0.0.2 and below contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login page.
    Published: September 19, 2022; 6:15:11 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2022-3218 - Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
    Published: September 19, 2022; 1:15:14 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2022-38341 - Safe Software FME Server v2021.2.5 and below does not employ server-side validation.
    Published: September 19, 2022; 10:15:11 AM -0400

    V3.1: 7.1 HIGH

  • CVE-2022-22520 - A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2.
    Published: September 14, 2022; 10:15:12 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2022-40673 - KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.
    Published: September 14, 2022; 7:15:53 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-32837 - This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory.
    Published: August 24, 2022; 4:15:08 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-36804 - Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 bef...
    Published: August 25, 2022; 2:15:09 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-2255 - A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.
    Published: August 25, 2022; 2:15:09 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2022-20824 - A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition o...
    Published: August 25, 2022; 3:15:08 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-29850 - Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.
    Published: August 25, 2022; 8:15:08 PM -0400

    V3.1: 8.1 HIGH

  • CVE-2022-0718 - A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
    Published: August 29, 2022; 11:15:09 AM -0400

    V3.1: 4.9 MEDIUM

  • CVE-2022-2330 - Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a car...
    Published: August 30, 2022; 4:15:07 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-36747 - Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel().
    Published: August 30, 2022; 6:15:09 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2022-1976 - A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corr...
    Published: August 31, 2022; 12:15:10 PM -0400

    V3.1: 7.8 HIGH