U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2024-54490 - This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to user's Keychain items.
    Published: December 11, 2024; 9:15:30 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-54476 - The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data.
    Published: December 11, 2024; 9:15:29 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-54471 - This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials.
    Published: December 11, 2024; 9:15:29 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-47537 - GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem i... read CVE-2024-47537
    Published: December 11, 2024; 9:03:27 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-3846 - Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
    Published: April 17, 2024; 4:15:10 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-12656 - A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereferen... read CVE-2024-12656
    Published: December 16, 2024; 12:15:09 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-12655 - A vulnerability, which was classified as problematic, has been found in FabulaTech USB over Network 6.0.6.1. Affected by this issue is the function 0x220420 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null... read CVE-2024-12655
    Published: December 16, 2024; 12:15:09 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-12667 - A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely... read CVE-2024-12667
    Published: December 16, 2024; 3:15:09 PM -0500

    V3.1: 5.9 MEDIUM

  • CVE-2024-3847 - Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
    Published: April 17, 2024; 4:15:10 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-12666 - A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to ... read CVE-2024-12666
    Published: December 16, 2024; 3:15:09 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-3516 - Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    Published: April 10, 2024; 3:15:49 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-12665 - A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Affected is an unknown function of the component Task Comment Attachment Upload. The manipulation leads to cross site scripting. It is possible to launc... read CVE-2024-12665
    Published: December 16, 2024; 3:15:09 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-12664 - A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. This issue affects some unknown processing of the component Project Task Comment Handler. The manipulation leads to cross site scripting. The attac... read CVE-2024-12664
    Published: December 16, 2024; 3:15:09 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-3832 - Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
    Published: April 17, 2024; 4:15:10 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-12660 - A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been declared as problematic. Affected by this vulnerability is the function 0x8001E018 in the library AscRegistryFilter.sys of the component IOCTL Handler. The ma... read CVE-2024-12660
    Published: December 16, 2024; 1:15:10 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-12659 - A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been classified as problematic. Affected is the function 0x8001E004 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to ... read CVE-2024-12659
    Published: December 16, 2024; 1:15:10 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-12658 - A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. This issue affects the function 0x8001E01C in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to nu... read CVE-2024-12658
    Published: December 16, 2024; 1:15:10 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-12657 - A vulnerability has been found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. This vulnerability affects the function 0x8001E000 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulatio... read CVE-2024-12657
    Published: December 16, 2024; 12:15:09 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-3833 - Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
    Published: April 17, 2024; 4:15:10 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-12662 - A vulnerability classified as problematic has been found in IObit Advanced SystemCare Utimate up to 17.0.0. This affects the function 0x8001E040 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null po... read CVE-2024-12662
    Published: December 16, 2024; 2:15:07 PM -0500

    V3.1: 5.5 MEDIUM

Created September 20, 2022 , Updated August 27, 2024