
NOTICE UPDATED - May 29th, 2024

The NVD has a new announcement page with status updates, news, and how to stay connected!


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2024-38329 - IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially...
    Published: June 19, 2024; 10:15:13 AM -0400

    V3.1: 7.7 HIGH

  • CVE-2024-31870 - IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gathe...
    Published: June 15, 2024; 10:15:09 AM -0400

    V3.1: 3.3 LOW

  • CVE-2024-27275 - IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of ...
    Published: June 15, 2024; 10:15:09 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-36599 - A cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at insertClient.php.
    Published: June 14, 2024; 2:15:27 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-38570 - In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount. When a DLM lockspace is released and there are still locks in that lockspace, DLM will unlock those locks automatically. Co...
    Published: June 19, 2024; 10:15:17 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-38571 - In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/tsens: Fix null pointer dereference compute_intercept_slope() is called from calibrate_8960() (in tsens-8960.c) as compute_intercept_slope(priv, p1, NULL, ONE_PT...
    Published: June 19, 2024; 10:15:17 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-38563 - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature Without this commit, reading chip temperature will cause memory leakage.
    Published: June 19, 2024; 10:15:16 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-38577 - In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() ar...
    Published: June 19, 2024; 10:15:17 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-38581 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/mes: fix use-after-free issue Delete fence fallback timer to fix the random use-after-free issue. v2: move to amdgpu_mes.c
    Published: June 19, 2024; 10:15:18 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-38603 - In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() pci_alloc_irq_vectors() allocates an irq vector. When devm_add_action() fails, the irq vector is not freed, whi...
    Published: June 19, 2024; 10:15:20 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-38583 - In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issue...
    Published: June 19, 2024; 10:15:18 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-37849 - A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter.
    Published: June 13, 2024; 10:15:13 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-37831 - Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter.
    Published: June 14, 2024; 4:15:11 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-25053 - IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted ...
    Published: June 28, 2024; 3:15:04 PM -0400

    V3.1: 5.9 MEDIUM

  • CVE-2024-25041 - IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is potentially vulnerable to cross site scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Co...
    Published: June 28, 2024; 3:15:04 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-25031 - IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 uses an inadequate account lockout setting that could allow an attacker on the network to brute force account credentials. IBM X-Force ID: 281678.
    Published: June 28, 2024; 3:15:04 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2022-38383 - IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673.
    Published: June 28, 2024; 3:15:03 PM -0400

    V3.1: 3.3 LOW

  • CVE-2024-35155 - IBM MQ Console 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the syste...
    Published: June 28, 2024; 2:15:04 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-31919 - IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: 290259.
    Published: June 28, 2024; 2:15:03 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-31912 - IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894.
    Published: June 28, 2024; 2:15:03 PM -0400

    V3.1: 8.8 HIGH

Created September 20, 2022, Updated ...