NVD Dashboard

CVEs Received and Processed

[Table: Time Period (Today, This Week, This Month, Last Month, This Year) against New CVEs Received by NVD, New CVEs Analyzed by NVD, Modified CVEs Received by NVD, and Modified CVEs Re-analyzed by NVD.]

CVE Status Count


CVSS Score Spread

[Tables: CVSS V3 Score Distribution and CVSS V2 Score Distribution, each listing Severity and Number of Vulns.]

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2023-6515 - Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7.
    Published: February 08, 2024; 5:15:11 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-6517 - Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. MİA-MED allows Collect Data as Provided by Users. This issue affects MİA-MED: before 1.0.7.
    Published: February 08, 2024; 7:15:55 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-6518 - Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7.
    Published: February 08, 2024; 7:15:55 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-6519 - Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable. This issue affects MİA-MED: before 1.0.7.
    Published: February 08, 2024; 7:15:55 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-52448 - In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Syzkaller has reported a NULL pointer dereference when accessing rgd->rd_rgl in gfs2_rgrp_dump(). This can happen wh...
    Published: February 22, 2024; 12:15:08 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-52449 - In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to acc...
    Published: February 22, 2024; 12:15:08 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-52450 - In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() Get logical socket id instead of physical id in discover_upi_topology() to avoid out-of-bound ac...
    Published: February 22, 2024; 12:15:08 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-52451 - In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match...
    Published: February 22, 2024; 12:15:08 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-52452 - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix accesses to uninit stack slots Privileged programs are supposed to be able to read uninitialized stack memory (ever since 6715df8d5) but, before this patch, these acces...
    Published: February 22, 2024; 12:15:08 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-26586 - In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group ...
    Published: February 22, 2024; 12:15:08 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-26587 - In the Linux kernel, the following vulnerability has been resolved: net: netdevsim: don't try to destroy PHC on VFs PHC gets initialized in nsim_init_netdevsim(), which is only called if (nsim_dev_port_is_pf()). Create a counterpart of nsim_ini...
    Published: February 22, 2024; 12:15:08 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-26588 - In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an unhandled page fault: # ./test_tag [ 130.640218] CPU 0 Unable to handle kernel paging req...
    Published: February 22, 2024; 12:15:08 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-26589 - In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS For PTR_TO_FLOW_KEYS, check_flow_keys_access() only uses fixed off for validation. However, variable offset ptr alu is not pr...
    Published: February 22, 2024; 12:15:09 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-26591 - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix re-attachment branch in bpf_tracing_prog_attach The following case can cause a crash due to missing attach_btf: 1) load rawtp program 2) load fentry program with rawtp...
    Published: February 22, 2024; 12:15:09 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-26590 - In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in th...
    Published: February 22, 2024; 12:15:09 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-42282 - The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic.
    Published: February 08, 2024; 12:15:10 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-37605 - Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.
    Published: October 02, 2023; 3:15:10 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-48541 - A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.
    Published: August 22, 2023; 3:16:31 PM -0400

    V3.1: 7.1 HIGH

  • CVE-2023-36554 - An improper access control in Fortinet FortiManager version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.10, version 6.4.0 through 6.4.13, 6.2 all versions allows attacker to execute unauthorized code or commands via specially craf...
    Published: March 12, 2024; 11:15:45 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-42789 - An out-of-bounds write in Fortinet FortiOS 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, FortiProxy 7.4.0, 7.2.0 through 7.2.6, 7.0.0 through 7.0.12, 2.0.0 through 2.0.13 allows attacker...
    Published: March 12, 2024; 11:15:46 AM -0400

    V3.1: 9.8 CRITICAL