NVD - Home
U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2024-5274 - Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
    Published: May 28, 2024; 11:15:10 AM -0400

    V3.1: 9.6 CRITICAL

  • CVE-2024-5910 - Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning... read CVE-2024-5910
    Published: July 10, 2024; 3:15:11 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-7971 - Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    Published: August 21, 2024; 5:15:09 PM -0400

    V3.1: 9.6 CRITICAL

  • CVE-2024-53079 - In the Linux kernel, the following vulnerability has been resolved: mm/thp: fix deferred split unqueue naming and locking Recent changes are putting more pressure on THP deferred split queues: under load revealing long-standing races, causing li... read CVE-2024-53079
    Published: November 19, 2024; 1:15:27 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-53080 - In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Lock XArray when getting entries for the VM Similar to commit cac075706f29 ("drm/panthor: Fix race when converting group handle to group object") we need to use the... read CVE-2024-53080
    Published: November 19, 2024; 1:15:27 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-53081 - In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the var... read CVE-2024-53081
    Published: November 19, 2024; 1:15:27 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-53045 - In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: fix bounds checker error in dapm_widget_list_create The widgets array in the snd_soc_dapm_widget_list has a __counted_by attribute attached to it, which points to th... read CVE-2024-53045
    Published: November 19, 2024; 1:15:24 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-53044 - In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext() This command: $ tc qdisc replace dev eth0 ingress_block 1 egress_block 1 clsact Error: block dev insert fa... read CVE-2024-53044
    Published: November 19, 2024; 1:15:24 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-20995 - Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with net... read CVE-2024-20995
    Published: April 16, 2024; 6:15:12 PM -0400

  • CVE-2024-20956 - Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticate... read CVE-2024-20956
    Published: February 16, 2024; 9:15:49 PM -0500

  • CVE-2024-20958 - Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with net... read CVE-2024-20958
    Published: February 16, 2024; 9:15:49 PM -0500

  • CVE-2024-20980 - Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access v... read CVE-2024-20980
    Published: February 16, 2024; 9:15:51 PM -0500

  • CVE-2024-20982 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with networ... read CVE-2024-20982
    Published: February 16, 2024; 9:15:51 PM -0500

  • CVE-2024-20984 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacke... read CVE-2024-20984
    Published: February 16, 2024; 9:15:51 PM -0500

  • CVE-2024-20986 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network ... read CVE-2024-20986
    Published: February 16, 2024; 9:15:52 PM -0500

  • CVE-2024-20989 - Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony POS). Supported versions that are affected are 19.1.0-19.5.4. Difficult to exploit vulnerability allows unauthenticated attacke... read CVE-2024-20989
    Published: April 16, 2024; 6:15:11 PM -0400

  • CVE-2024-20990 - Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Templates). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network ... read CVE-2024-20990
    Published: April 16, 2024; 6:15:11 PM -0400

  • CVE-2024-20992 - Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Content integration). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with netwo... read CVE-2024-20992
    Published: April 16, 2024; 6:15:12 PM -0400

  • CVE-2024-20993 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with networ... read CVE-2024-20993
    Published: April 16, 2024; 6:15:12 PM -0400

  • CVE-2024-20994 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker w... read CVE-2024-20994
    Published: April 16, 2024; 6:15:12 PM -0400

Created September 20, 2022 , Updated August 27, 2024