NOTICE UPDATED - May 29th, 2024

The NVD has a new announcement page with status updates, news, and how to stay connected!


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-24919 - Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is a...
    Published: May 28, 2024; 3:15:10 PM -0400

    V3.1: 8.6 HIGH

  • CVE-2024-4978 - Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute unauthorized PowerShell...
    Published: May 22, 2024; 10:15:09 PM -0400

    V3.1: 8.4 HIGH

  • CVE-2024-3400 - A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to ...
    Published: April 12, 2024; 4:15:06 AM -0400

  • CVE-2024-5274 - Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    Published: May 28, 2024; 11:15:10 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-20360 - A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the w...
    Published: May 22, 2024; 2:15:09 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-34905 - FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
    Published: May 16, 2024; 11:15:47 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-34913 - An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.
    Published: May 15, 2024; 4:15:13 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-34909 - An arbitrary file upload vulnerability in KYKMS v1.0.1 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.
    Published: May 15, 2024; 4:15:13 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-34906 - An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.
    Published: May 15, 2024; 4:15:13 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-32002 - Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into th...
    Published: May 14, 2024; 3:15:10 PM -0400

    V3.1: 9.0 CRITICAL

  • CVE-2023-42097 - Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulner...
    Published: May 02, 2024; 11:15:46 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-42096 - Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this ...
    Published: May 02, 2024; 11:15:46 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-42095 - Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit ...
    Published: May 02, 2024; 11:15:46 PM -0400

    V3.1: 3.3 LOW

  • CVE-2023-42094 - Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulner...
    Published: May 02, 2024; 11:15:46 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-42093 - Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit th...
    Published: May 02, 2024; 11:15:46 PM -0400

    V3.1: 3.3 LOW

  • CVE-2023-42092 - Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulner...
    Published: May 02, 2024; 11:15:46 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-42091 - Foxit PDF Reader XFA Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vu...
    Published: May 02, 2024; 11:15:45 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-42090 - Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to ex...
    Published: May 02, 2024; 11:15:45 PM -0400

    V3.1: 7.1 HIGH

  • CVE-2023-42089 - Foxit PDF Reader templates Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit thi...
    Published: May 02, 2024; 11:15:45 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-26933 - In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the p...
    Published: May 01, 2024; 2:15:07 AM -0400

    V3.1: 7.8 HIGH

Created September 20, 2022, Updated May 29, 2024