U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2023-50431 - sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.
    Published: December 09, 2023; 6:15:07 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-21309 - Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
    Published: January 09, 2024; 1:15:54 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-39479 - In the Linux kernel, the following vulnerability has been resolved: drm/i915/hwmon: Get rid of devm When both hwmon and hwmon drvdata (on which hwmon depends) are device managed resources, the expectation, on device unbind, is that hwmon will be... read CVE-2024-39479
    Published: July 05, 2024; 3:15:10 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-39291 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() The function gfx_v9_4_3_init_microcode in gfx_v9_4_3.c was generating about potential ... read CVE-2024-39291
    Published: June 24, 2024; 10:15:12 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-39277 - In the Linux kernel, the following vulnerability has been resolved: dma-mapping: benchmark: handle NUMA_NO_NODE correctly cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report: UB... read CVE-2024-39277
    Published: June 21, 2024; 8:15:11 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-38667 - In the Linux kernel, the following vulnerability has been resolved: riscv: prevent pt_regs corruption for secondary idle threads Top of the kernel thread stack should be reserved for pt_regs. However this is not the case for the idle threads of ... read CVE-2024-38667
    Published: June 24, 2024; 10:15:12 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-38664 - In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_dpsub: Always register bridge We must always register the DRM bridge, since zynqmp_dp_hpd_work_func calls drm_bridge_hpd_notify, which in turn expects hpd_mutex to b... read CVE-2024-38664
    Published: June 24, 2024; 10:15:12 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-40482 - The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method i... read CVE-2022-40482
    Published: April 25, 2023; 3:15:10 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-20082 - In Modem, there is a possible memory corruption due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01182594; Issue ... read CVE-2024-20082
    Published: August 13, 2024; 11:15:04 PM -0400

  • CVE-2024-20083 - In venc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08810810 / ALP... read CVE-2024-20083
    Published: August 13, 2024; 11:15:04 PM -0400

  • CVE-2025-40573 - A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices are vulnerable to path traversal attacks. This could allow a privileged local attacker to restore backups that are outside the backup fo... read CVE-2025-40573
    Published: May 13, 2025; 6:15:26 AM -0400

    V3.1: 4.4 MEDIUM

  • CVE-2025-40575 - A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions). Affected devices do not properly validate incoming Profinet packets. An unauthenticated remote attacker can exploit this flaw by sending a specially craf... read CVE-2025-40575
    Published: May 13, 2025; 6:15:27 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2025-40582 - A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do not properly sanitize configuration parameters. This could allow a non-privileged lo... read CVE-2025-40582
    Published: May 13, 2025; 6:15:28 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-40583 - A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions with SINEMA Remote Connect Edge Client installed). Affected devices do transmit sensitive information in cleartext. This could allow a privileged local att... read CVE-2025-40583
    Published: May 13, 2025; 6:15:28 AM -0400

    V3.1: 4.4 MEDIUM

  • CVE-2023-40490 - Maxon Cinema 4D SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Maxon Cinema 4D. User interaction is required to exploit this vu... read CVE-2023-40490
    Published: May 07, 2024; 7:15:16 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-4679 - A vulnerability in Synology Active Backup for Microsoft 365 allows remote authenticated attackers to obtain sensitive information via unspecified vectors.
    Published: May 16, 2025; 5:15:18 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-6487 - The Inline Related Posts WordPress plugin before 3.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability ... read CVE-2024-6487
    Published: July 29, 2024; 2:15:02 AM -0400

  • CVE-2024-6366 - The User Profile Builder WordPress plugin before 3.11.8 does not have proper authorisation, allowing unauthenticated users to upload media files via the async upload functionality of WP.
    Published: July 29, 2024; 2:15:02 AM -0400

  • CVE-2024-6021 - The Donation Block For PayPal WordPress plugin through 2.1.0 does not sanitise and escape form submissions, leading to a stored cross-site scripting vulnerability
    Published: July 30, 2024; 2:15:03 AM -0400

  • CVE-2024-3113 - The FormFlow: WhatsApp Social and Advanced Form Builder with Easy Lead Collection WordPress plugin before 2.12.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site S... read CVE-2024-3113
    Published: July 30, 2024; 2:15:02 AM -0400

Created September 20, 2022 , Updated August 27, 2024