You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.

U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

Time Period New CVEs Received by NVD New CVEs Analyzed by NVD Modified CVEs Received by NVD Modified CVEs Re-analyzed by NVD
Today {{data.count}}
This Week {{data.count}}
This Month {{data.count}}
Last Month {{data.count}}
This Year {{data.count}}

CVE Status Count

Please Wait

CVE Status Count

{{data.name}} {{data.count}}

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}

CVSS V2 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2024-42108 - In the Linux kernel, the following vulnerability has been resolved: net: rswitch: Avoid use-after-free in rswitch_poll() The use-after-free is actually in rswitch_tx_free(), which is inlined in rswitch_poll(). Since `skb` and `gq->skbs[gq->dirty... read CVE-2024-42108
    Published: July 30, 2024; 4:15:03 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-42102 - In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes d... read CVE-2024-42102
    Published: July 30, 2024; 4:15:02 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-41058 - In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() We got the following issue in our fault injection stress test: ================================================... read CVE-2024-41058
    Published: July 29, 2024; 11:15:13 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-41061 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport [Why] Potential out of bounds access in dml2_calculate_rq_and_dlg_params() because the value of out_lowe... read CVE-2024-41061
    Published: July 29, 2024; 11:15:14 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-41052 - In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Init the count variable in collecting hot-reset devices The count variable is used without initialization, it results in mistakes in the device counting and crashes th... read CVE-2024-41052
    Published: July 29, 2024; 11:15:13 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-41053 - In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix ufshcd_abort_one racing issue When ufshcd_abort_one is racing with the completion ISR, the completed tag of the request's mq_hctx pointer will be set to NUL... read CVE-2024-41053
    Published: July 29, 2024; 11:15:13 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-7743 - A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument fi... read CVE-2024-7743
    Published: August 13, 2024; 5:15:17 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-7742 - A vulnerability was found in wanglongcn ltcms 1.0.20. It has been classified as critical. Affected is the function multiDownload of the file /api/file/multiDownload of the component API Endpoint. The manipulation of the argument file leads to serv... read CVE-2024-7742
    Published: August 13, 2024; 5:15:16 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-7741 - A vulnerability was found in wanglongcn ltcms 1.0.20 and classified as critical. This issue affects the function downloadFile of the file /api/file/downloadfile of the component API Endpoint. The manipulation of the argument file leads to path tra... read CVE-2024-7741
    Published: August 13, 2024; 4:15:09 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-7740 - A vulnerability has been found in wanglongcn ltcms 1.0.20 and classified as critical. This vulnerability affects the function download of the file /api/test/download of the component API Endpoint. The manipulation of the argument url leads to serv... read CVE-2024-7740
    Published: August 13, 2024; 4:15:08 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-40130 - open5gs v2.6.4 is vulnerable to Buffer Overflow. via /lib/core/abts.c.
    Published: July 16, 2024; 3:15:12 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-40129 - Open5GS v2.6.4 is vulnerable to Buffer Overflow. via /lib/pfcp/context.c.
    Published: July 16, 2024; 3:15:12 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-39036 - SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.
    Published: July 16, 2024; 3:15:12 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-41332 - Incorrect access control in the delete_category function of Sourcecodester Computer Laboratory Management System v1.0 allows authenticated attackers with low-level privileges to arbitrarily delete categories.
    Published: August 12, 2024; 9:38:30 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-7614 - A vulnerability was found in Tenda FH1206 1.2.0.8(8155). It has been classified as critical. Affected is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page leads to stack-based buffer overflow. It is ... read CVE-2024-7614
    Published: August 12, 2024; 9:38:44 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-7615 - A vulnerability was found in Tenda FH1206 1.2.0.8. It has been declared as critical. Affected by this vulnerability is the function fromSafeClientFilter/fromSafeMacFilter/fromSafeUrlFilter. The manipulation leads to stack-based buffer overflow. Th... read CVE-2024-7615
    Published: August 12, 2024; 9:38:44 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-7613 - A vulnerability was found in Tenda FH1206 1.2.0.8(8155) and classified as critical. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer. The manipulation of the argument dips leads to buffer overflow. The attack may... read CVE-2024-7613
    Published: August 12, 2024; 9:38:44 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-32254 - A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on... read CVE-2023-32254
    Published: July 10, 2023; 12:15:52 PM -0400

    V3.1: 8.1 HIGH

  • CVE-2023-1194 - An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a mi... read CVE-2023-1194
    Published: November 03, 2023; 4:15:07 AM -0400

    V3.1: 8.1 HIGH

  • CVE-2022-47940 - An issue was discovered in ksmbd in the Linux kernel 5.15 through 5.18 before 5.18.18. fs/ksmbd/smb2pdu.c lacks length validation in the non-padding case in smb2_write.
    Published: December 23, 2022; 11:15:12 AM -0500

    V3.1: 8.1 HIGH