
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-40585 - An insertion of sensitive information into log file vulnerabilities [CWE-532] in FortiManager version 7.4.0, version 7.2.3 and below, version 7.0.8 and below, version 6.4.12 and below, version 6.2.11 and below and FortiAnalyzer version 7.4.0, vers... read CVE-2024-40585
    Published: March 14, 2025; 12:15:33 PM -0400

  • CVE-2023-33300 - An improper neutralization of special elements used in a command ('command injection') in Fortinet FortiNAC 7.2.1 and earlier, 9.4.3 and earlier allows attacker a limited, unauthorized file access via specifically crafted request in inter-server c... read CVE-2023-33300
    Published: March 14, 2025; 12:15:27 PM -0400

  • CVE-2025-7762 - A vulnerability, which was classified as critical, has been found in D-Link DI-8100 16.07.26A1. This issue affects some unknown processing of the file /menu_nat_more.asp of the component HTTP Request Handler. The manipulation leads to stack-based ... read CVE-2025-7762
    Published: July 17, 2025; 6:15:27 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-7758 - A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The m... read CVE-2025-7758
    Published: July 17, 2025; 6:15:27 PM -0400

  • CVE-2024-8238 - In version 3.22.0 of aimhubio/aim, the AimQL query language uses an outdated version of the safer_getattr() function from RestrictedPython. This version does not protect against the str.format_map() method, allowing an attacker to leak server-side... read CVE-2024-8238
    Published: March 20, 2025; 6:15:41 AM -0400

    V3.1: 8.1 HIGH

  • CVE-2024-6851 - In version 3.22.0 of aimhubio/aim, the LocalFileManager._cleanup function in the aim tracking server accepts a user-specified glob-pattern for deleting files. The function does not verify that the matched files are within the directory managed by ... read CVE-2024-6851
    Published: March 20, 2025; 6:15:34 AM -0400

  • CVE-2024-6829 - A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the `tarfile.extractall()` function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control `repo.pat... read CVE-2024-6829
    Published: March 20, 2025; 6:15:33 AM -0400

  • CVE-2024-6483 - A vulnerability in the `runs/delete-batch` endpoint of aimhubio/aim version 3.19.3 allows for arbitrary file or directory deletion through path traversal. The endpoint does not mitigate path traversal when handling user-specified run-names, which ... read CVE-2024-6483
    Published: March 20, 2025; 6:15:32 AM -0400

  • CVE-2024-10110 - In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking ... read CVE-2024-10110
    Published: March 20, 2025; 6:15:14 AM -0400

  • CVE-2024-6396 - A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `r... read CVE-2024-6396
    Published: July 11, 2024; 8:15:01 PM -0400

  • CVE-2025-21427 - Information disclosure while decoding this RTP packet Payload when UE receives the RTP packet from the network.
    Published: July 08, 2025; 9:15:29 AM -0400

    V3.1: 8.2 HIGH

  • CVE-2024-8061 - In version 3.23.0 of aimhubio/aim, certain methods that request data from external servers do not have set timeouts, causing the server to wait indefinitely for a response. This can lead to a denial of service, as the tracking server does not resp... read CVE-2024-8061
    Published: March 20, 2025; 6:15:40 AM -0400

  • CVE-2025-45986 - Blink routers BL-WR9000 V2.4.9, BL-AC2100_AZ3 V1.0.4, BL-X10_AC8 v1.0.5, BL-LTE300 v1.2.3, BL-F1200_AT1 v1.0.0, BL-X26_AC8 v1.2.8, BLAC450M_AE4 v4.0.0 and BL-X26_DA3 v1.2.7 were discovered to contain a command injection vulnerability via the mac ... read CVE-2025-45986
    Published: June 13, 2025; 8:15:34 AM -0400

  • CVE-2024-7726 - There exists an unauthenticated accessible JTAG port on the Kioxia PM6, PM7 and CM6 devices - On the Kioxia CM6, PM6 and PM7 disk drives it was discovered that the 2 main CPU cores of the SoC can be accessed via an open JTAG debug port that is exp... read CVE-2024-7726
    Published: December 20, 2024; 6:15:08 AM -0500

  • CVE-2024-12236 - A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the in... read CVE-2024-12236
    Published: December 10, 2024; 10:15:07 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-11407 - There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the applicatio... read CVE-2024-11407
    Published: November 26, 2024; 12:15:22 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2024-11498 - There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file th... read CVE-2024-11498
    Published: November 25, 2024; 9:15:06 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2024-11403 - There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted inp... read CVE-2024-11403
    Published: November 25, 2024; 9:15:06 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-9526 - There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not ... read CVE-2024-9526
    Published: November 18, 2024; 9:15:05 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-11023 - Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker c... read CVE-2024-11023
    Published: November 18, 2024; 6:15:05 AM -0500

    V3.1: 6.1 MEDIUM

Created September 20, 2022, Updated August 27, 2024