NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 13, 2026, 5:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
312451	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() For cases where the crtc's connectors_changed was set wit…	CWE-476 NULL Pointer Dereference	CVE-2024-45015	2024-09-14 01:35	2024-09-12	Show	GitHub Exploit DB Packet Storm

312452	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup") mov…	CWE-416 Use After Free	CVE-2024-45013	2024-09-14 01:35	2024-09-12	Show	GitHub Exploit DB Packet Storm

312453	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: nouveau/firmware: use dma non-coherent allocator Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on …	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2024-45012	2024-09-14 01:35	2024-09-12	Show	GitHub Exploit DB Packet Storm

312454	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only mark 'subflow' endp as available Adding the following warning ... WARN_ON_ONCE(msk->pm.local_addr_used == 0) …	NVD-CWE-noinfo	CVE-2024-45010	2024-09-14 01:35	2024-09-12	Show	GitHub Exploit DB Packet Storm

312455	5.4	MEDIUM Network	perfexcrm	perfex_crm	A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Cont…	CWE-79 Cross-site Scripting	CVE-2024-44851	2024-09-14 01:34	2024-09-12	Show	GitHub Exploit DB Packet Storm

312456	9.8	CRITICAL Network	comfast	cf-xr11_firmware	COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.	CWE-77 Command Injection	CVE-2024-44466	2024-09-14 01:32	2024-09-12	Show	GitHub Exploit DB Packet Storm

312457	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first co…	CWE-787 Out-of-bounds Write	CVE-2024-45025	2024-09-14 01:30	2024-09-12	Show	GitHub Exploit DB Packet Storm

312458	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb vs. core-mm PT locking We recently made GUP's common page table walking code to also walk hugetlb VMAs wi…	CWE-667 Improper Locking	CVE-2024-45024	2024-09-14 01:30	2024-09-12	Show	GitHub Exploit DB Packet Storm

312459	7.1	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix data corruption for degraded array with slow disk read_balance() will avoid reading from slow disks as much as poss…	CWE-787 Out-of-bounds Write	CVE-2024-45023	2024-09-14 01:30	2024-09-12	Show	GitHub Exploit DB Packet Storm

312460	3.9	LOW Physics	redhat opensc_project	enterprise_linux opensc	A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient…	CWE-908 Use of Uninitialized Resource	CVE-2024-45618	2024-09-14 01:30	2024-09-4	Show	GitHub Exploit DB Packet Storm

312461	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion wpa_supplicant 2.11 sends since 1efdba5fdc2c ("Handle PMKSA flush in t…	CWE-476 NULL Pointer Dereference	CVE-2024-46672	2024-09-14 01:29	2024-09-12	Show	GitHub Exploit DB Packet Storm

312462	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_test: Fix NULL dereference on allocation failure If the "test->highmem = alloc_pages()" allocation fails then calling __…	CWE-476 NULL Pointer Dereference	CVE-2024-45028	2024-09-14 01:29	2024-09-12	Show	GitHub Exploit DB Packet Storm

312463	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: igb: cope with large MAX_SKB_FRAGS Sabrina reports that the igb driver does not cope well with large MAX_SKB_FRAG values: setting…	CWE-787 Out-of-bounds Write	CVE-2024-45030	2024-09-14 01:29	2024-09-12	Show	GitHub Exploit DB Packet Storm

312464	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being …	CWE-667 Improper Locking	CVE-2024-45029	2024-09-14 01:29	2024-09-12	Show	GitHub Exploit DB Packet Storm

312465	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check for xhci->interrupters being allocated in xhci_mem_clearup() If xhci_mem_init() fails, it calls into xhci_mem_cl…	CWE-459 Incomplete Cleanup	CVE-2024-45027	2024-09-14 01:29	2024-09-12	Show	GitHub Exploit DB Packet Storm

312466	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient (ESE) or thin provisioned volumes …	CWE-787 Out-of-bounds Write	CVE-2024-45026	2024-09-14 01:29	2024-09-12	Show	GitHub Exploit DB Packet Storm

312467	7.8	HIGH Local	samsung	universal_print_driver	The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the a…	NVD-CWE-noinfo	CVE-2024-5760	2024-09-14 01:28	2024-09-12	Show	GitHub Exploit DB Packet Storm

312468	8.8	HIGH Network	mayurik	best_house_rental_management_system	A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manip…	CWE-89 SQL Injection	CVE-2024-8709	2024-09-14 01:27	2024-09-12	Show	GitHub Exploit DB Packet Storm

312469	6.1	MEDIUM Network	payara	payara	URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking.This issue affects Payara Server: from …	CWE-601 Open Redirect	CVE-2024-7312	2024-09-14 01:27	2024-09-12	Show	GitHub Exploit DB Packet Storm

312470	8.8	HIGH Network	code-projects	inventory_management	A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the compon…	CWE-89 SQL Injection	CVE-2024-8710	2024-09-14 01:25	2024-09-12	Show	GitHub Exploit DB Packet Storm

312471	7.5	HIGH Network	oretnom23	food_ordering_management_system	A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/…	NVD-CWE-Other	CVE-2024-8711	2024-09-14 01:18	2024-09-12	Show	GitHub Exploit DB Packet Storm

312472	6.1	MEDIUM Network	scriptonite	music_request_manager	The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin ad…	CWE-352 Origin Validation Error	CVE-2024-6017	2024-09-14 01:17	2024-09-12	Show	GitHub Exploit DB Packet Storm

312473	6.1	MEDIUM Network	scriptonite	music_request_manager	The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Script…	CWE-79 Cross-site Scripting	CVE-2024-6018	2024-09-14 01:15	2024-09-12	Show	GitHub Exploit DB Packet Storm

312474	6.1	MEDIUM Network	scriptonite	music_request_manager	The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against ad…	CWE-79 Cross-site Scripting	CVE-2024-6019	2024-09-14 01:13	2024-09-12	Show	GitHub Exploit DB Packet Storm

312475	4.8	MEDIUM Network	pega	infinity	Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.	CWE-79 Cross-site Scripting	CVE-2024-6700	2024-09-14 01:09	2024-09-13	Show	GitHub Exploit DB Packet Storm

312476	4.8	MEDIUM Network	pega	infinity	Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.	CWE-79 Cross-site Scripting	CVE-2024-6701	2024-09-14 01:08	2024-09-13	Show	GitHub Exploit DB Packet Storm

312477	4.8	MEDIUM Network	pega	infinity	Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.	CWE-79 Cross-site Scripting	CVE-2024-6702	2024-09-14 01:07	2024-09-13	Show	GitHub Exploit DB Packet Storm

312478	4.3	MEDIUM Adjacent	kasdanet	kw5515_firmware	Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script	CWE-79 Cross-site Scripting	CVE-2020-24061	2024-09-14 01:05	2024-09-13	Show	GitHub Exploit DB Packet Storm

312479	6.1	MEDIUM Network	yzane	markdown_pdf	A vulnerability, which was classified as problematic, was found in yzane vscode-markdown-pdf 1.5.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to ini…	CWE-79 Cross-site Scripting	CVE-2024-7739	2024-09-14 01:03	2024-08-14	Show	GitHub Exploit DB Packet Storm

312480	7.8	HIGH Local	yzane	markdown_pdf	A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. T…	CWE-22 Path Traversal	CVE-2024-7738	2024-09-14 01:03	2024-08-14	Show	GitHub Exploit DB Packet Storm

312481	4.3	MEDIUM Network	mirapolis	lms	An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading …	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2024-25270	2024-09-14 01:01	2024-09-13	Show	GitHub Exploit DB Packet Storm

312482	9.8	CRITICAL Network	docker	desktop	A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.	NVD-CWE-noinfo	CVE-2024-8696	2024-09-14 01:01	2024-09-13	Show	GitHub Exploit DB Packet Storm

312483	9.8	CRITICAL Network	docker	desktop	A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.	NVD-CWE-noinfo	CVE-2024-8695	2024-09-14 01:01	2024-09-13	Show	GitHub Exploit DB Packet Storm

312484	7.2	HIGH Network	starkdigital	wp_testimonial_widget	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stark Digital WP Testimonial Widget.This issue affects WP Testimonial Widget: from n/a through 3.…	CWE-89 SQL Injection	CVE-2024-43966	2024-09-14 01:01	2024-08-27	Show	GitHub Exploit DB Packet Storm

312485	5.3	MEDIUM Adjacent	phoenixcontact	charx_sec-3150_firmware charx_sec-3100_firmware charx_sec-3050_firmware charx_sec-3000_firmware	An unauthenticated remote attacker can use this vulnerability to change the device configuration due to a file writeable for short time after system startup.	CWE-552 Files or Directories Accessible to External Parties	CVE-2024-3913	2024-09-14 00:58	2024-08-13	Show	GitHub Exploit DB Packet Storm

312486	5.4	MEDIUM Network	code-projects	inventory_management	A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration…	CWE-79 Cross-site Scripting	CVE-2024-8605	2024-09-14 00:31	2024-09-10	Show	GitHub Exploit DB Packet Storm

312487	4.8	MEDIUM Network	craftcms	craft_cms	Craft is a content management system (CMS). Craft CMS 5 stored XSS can be triggered by the breadcrumb list and title fields with user input.	CWE-79 Cross-site Scripting	CVE-2024-45406	2024-09-14 00:30	2024-09-10	Show	GitHub Exploit DB Packet Storm

312488	7.2	HIGH Network	mozilo	mozilocms	An arbitrary file upload vulnerability in the component /admin/index.php of moziloCMS v3.0 allows attackers to execute arbitrary code via uploading a crafted file.	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-44871	2024-09-14 00:28	2024-09-11	Show	GitHub Exploit DB Packet Storm

312489	6.1	MEDIUM Network	mozilo	mozilocms	A reflected cross-site scripting (XSS) vulnerability in moziloCMS v3.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.	CWE-79 Cross-site Scripting	CVE-2024-44872	2024-09-14 00:26	2024-09-11	Show	GitHub Exploit DB Packet Storm

312490	7.8	HIGH Local	microsoft	windows_10_1809 windows_server_2019 windows_server_2022 windows_11_21h2 windows_11_22h2 windows_server_2022_23h2 windows_10_1607 windows_server_2016 windows_10_22h2 windows…	Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability	NVD-CWE-noinfo	CVE-2024-38252	2024-09-14 00:23	2024-09-11	Show	GitHub Exploit DB Packet Storm

312491	7.8	HIGH Local	microsoft	windows_11_21h2 windows_11_22h2 windows_server_2022_23h2 windows_11_24h2 windows_11_23h2	Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability	NVD-CWE-noinfo	CVE-2024-38253	2024-09-14 00:20	2024-09-11	Show	GitHub Exploit DB Packet Storm

312492	6.2	MEDIUM Local	microsoft	windows_10_1507 windows_10_1809 windows_server_2019 windows_server_2022 windows_11_21h2 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2 windows_10_1607 windows_ser…	Windows Authentication Information Disclosure Vulnerability	NVD-CWE-noinfo	CVE-2024-38254	2024-09-14 00:16	2024-09-11	Show	GitHub Exploit DB Packet Storm

312493	6.5	MEDIUM Network	zoneminder	zoneminder	ZoneMinder is a free, open source Closed-circuit television software application. In WWW/AJAX/watch.php, Line: 51 takes a few parameter in sql query without sanitizing it which makes it vulnerable to…	CWE-89 SQL Injection	CVE-2023-41884	2024-09-14 00:08	2024-08-13	Show	GitHub Exploit DB Packet Storm

312494	5.5	MEDIUM Local	microsoft	windows_server_2008 windows_server_2012 windows_10_1507 windows_10_1809 windows_server_2019 windows_10_1607 windows_server_2016 windows_10_22h2 windows_10_21h1	Windows Kernel-Mode Driver Information Disclosure Vulnerability	NVD-CWE-noinfo	CVE-2024-38256	2024-09-14 00:05	2024-09-11	Show	GitHub Exploit DB Packet Storm

312495	7.5	HIGH Network	microsoft	windows_server_2008 windows_server_2012 windows_server_2019 windows_server_2022 windows_server_2022_23h2 windows_server_2016	Windows Remote Desktop Licensing Service Information Disclosure Vulnerability	NVD-CWE-noinfo	CVE-2024-38258	2024-09-14 00:00	2024-09-11	Show	GitHub Exploit DB Packet Storm

312496	7.5	HIGH Network	microsoft	windows_server_2008 windows_server_2012 windows_server_2019 windows_server_2022 windows_server_2022_23h2 windows_server_2016	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	NVD-CWE-noinfo	CVE-2024-38263	2024-09-13 23:55	2024-09-11	Show	GitHub Exploit DB Packet Storm

312497	8.8	HIGH Network	microsoft	windows_server_2008 windows_server_2012 windows_server_2019 windows_server_2022 windows_server_2022_23h2 windows_server_2016	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	NVD-CWE-noinfo	CVE-2024-38260	2024-09-13 23:53	2024-09-11	Show	GitHub Exploit DB Packet Storm

312498	7.1	HIGH Network	microsoft	windows_server_2008 windows_server_2012 windows_server_2019 windows_server_2022 windows_server_2022_23h2 windows_server_2016	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability	NVD-CWE-noinfo	CVE-2024-43454	2024-09-13 23:52	2024-09-11	Show	GitHub Exploit DB Packet Storm

312499	9.8	CRITICAL Network	microsoft	windows_server_2008 windows_server_2016 windows_server_2012 windows_server_2019 windows_server_2022 windows_server_2022_23h2	Windows Remote Desktop Licensing Service Spoofing Vulnerability	NVD-CWE-noinfo	CVE-2024-43455	2024-09-13 23:50	2024-09-11	Show	GitHub Exploit DB Packet Storm

312500	7.2	HIGH Network	microsoft	sharepoint_server	Microsoft SharePoint Server Remote Code Execution Vulnerability	NVD-CWE-noinfo	CVE-2024-43464	2024-09-13 23:48	2024-09-11	Show	GitHub Exploit DB Packet Storm