U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

Time Period New CVEs Received by NVD New CVEs Analyzed by NVD Modified CVEs Received by NVD Modified CVEs Re-analyzed by NVD
Today {{data.count}}
This Week {{data.count}}
This Month {{data.count}}
Last Month {{data.count}}
This Year {{data.count}}

CVE Status Count

Please Wait

CVE Status Count

{{data.name}} {{data.count}}

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}

CVSS V2 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2024-45149 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to byp... read CVE-2024-45149
    Published: October 10, 2024; 6:15:08 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-45148 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gai... read CVE-2024-45148
    Published: October 10, 2024; 6:15:07 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-45135 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass secu... read CVE-2024-45135
    Published: October 10, 2024; 6:15:07 AM -0400

    V3.1: 2.7 LOW

  • CVE-2024-45134 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low imp... read CVE-2024-45134
    Published: October 10, 2024; 6:15:07 AM -0400

    V3.1: 2.7 LOW

  • CVE-2024-45133 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low imp... read CVE-2024-45133
    Published: October 10, 2024; 6:15:07 AM -0400

    V3.1: 2.7 LOW

  • CVE-2024-45129 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass s... read CVE-2024-45129
    Published: October 10, 2024; 6:15:06 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-45130 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to byp... read CVE-2024-45130
    Published: October 10, 2024; 6:15:06 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-45127 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malici... read CVE-2024-45127
    Published: October 10, 2024; 6:15:06 AM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2024-45125 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have... read CVE-2024-45125
    Published: October 10, 2024; 6:15:05 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-45124 - Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security m... read CVE-2024-45124
    Published: October 10, 2024; 6:15:05 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2021-4437 - A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of t... read CVE-2021-4437
    Published: February 12, 2024; 3:15:07 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2024-25110 - The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code... read CVE-2024-25110
    Published: February 12, 2024; 3:15:08 PM -0500

    V3.1: 8.1 HIGH

  • CVE-2024-47565 - A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate that user input complies with a list of allowed values. This could allow an authenticated remote at... read CVE-2024-47565
    Published: October 08, 2024; 5:15:18 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-47563 - A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate a file path that is supplied to an endpoint intended to create CSR files. This could allow an unaut... read CVE-2024-47563
    Published: October 08, 2024; 5:15:18 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-47562 - A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly neutralize special elements in user input to the ```ssmctl-client``` command. This could allow an authentica... read CVE-2024-47562
    Published: October 08, 2024; 5:15:18 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-47553 - A vulnerability has been identified in Siemens SINEC Security Monitor (All versions < V4.9.0). The affected application does not properly validate user input to the ```ssmctl-client``` command. This could allow an authenticated, lowly privileged ... read CVE-2024-47553
    Published: October 08, 2024; 5:15:17 AM -0400

    V3.1: 9.9 CRITICAL

  • CVE-2024-47951 - In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
    Published: October 08, 2024; 12:15:13 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-47950 - In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
    Published: October 08, 2024; 12:15:12 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-47949 - In JetBrains TeamCity before 2024.07.3 path traversal allowed backup file write to arbitrary location
    Published: October 08, 2024; 12:15:12 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-47948 - In JetBrains TeamCity before 2024.07.3 path traversal leading to information disclosure was possible via server backups
    Published: October 08, 2024; 12:15:12 PM -0400

    V3.1: 7.5 HIGH