NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 11, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
312901	-	-	-	-	Beijing Digital China Cloud Technology Co., Ltd. DCME-320 v.7.4.12.60 has a command execution vulnerability, which can be exploited to obtain device administrator privileges via the getVar function i…	-	CVE-2024-42905	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312902	-	-	-	-	A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authe…	-	CVE-2024-20478	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312903	-	-	-	-	A vulnerability in the DHCPv6 relay agent of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerabi…	-	CVE-2024-20446	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312904	-	-	-	-	A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to elevate privileges to network-admin on an affected device. This vul…	-	CVE-2024-20413	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312905	-	-	-	-	A vulnerability in Cisco NX-OS Software could allow an authenticated, local attacker with privileges to access the Bash shell to execute arbitrary code as root on an affected device. This vul…	-	CVE-2024-20411	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312906	-	-	-	-	A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device.…	-	CVE-2024-20289	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312907	-	-	-	-	Ruoyi v4.7.9 and before was discovered to contain a cross-site scripting (XSS) vulnerability via the sql parameter of the createTable() function at /tool/gen/create.	-	CVE-2024-42900	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312908	-	-	-	-	A vulnerability in the restricted security domain implementation of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, remote attacker to modify the behavior of d…	-	CVE-2024-20279	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312909	-	-	-	-	Ezviz Internet PT Camera CS-CV246 D15655150 allows an unauthenticated host to access its live video stream by crafting a set of RTSP packets with a specific set of URLs that can be used to redirect t…	-	CVE-2024-42531	2024-08-29 22:15	2024-08-24	Show	GitHub Exploit DB Packet Storm

312910	-	-	-	-	A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability t…	-	CVE-2024-45346	2024-08-29 12:15	2024-08-28	Show	GitHub Exploit DB Packet Storm

312911	9.8	CRITICAL Network	angeljudesuarez	tailoring_management_system_project_in_php	A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. This affects an unknown part of the file partedit.php. The manipulation of the argument i…	CWE-89 SQL Injection	CVE-2024-7455	2024-08-29 11:57	2024-08-4	Show	GitHub Exploit DB Packet Storm

312912	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free and race in fastrpc_map_find Currently, there is a race window between the point when the mutex…	CWE-416 Use After Free	CVE-2022-48874	2024-08-29 11:42	2024-08-21	Show	GitHub Exploit DB Packet Storm

312913	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix initialization of rx->link and rx->link_sta There are some codepaths that do not initialize rx->link_sta prop…	CWE-476 NULL Pointer Dereference	CVE-2022-48876	2024-08-29 11:41	2024-08-21	Show	GitHub Exploit DB Packet Storm

312914	7.1	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: Fix refcount leak in amd_pmc_probe pci_get_domain_bus_and_slot() takes reference, the caller should release the…	NVD-CWE-Other	CVE-2022-48881	2024-08-29 11:39	2024-08-21	Show	GitHub Exploit DB Packet Storm

312915	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime servi…	CWE-476 NULL Pointer Dereference	CVE-2022-48879	2024-08-29 11:39	2024-08-21	Show	GitHub Exploit DB Packet Storm

312916	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Fix driver shutdown on closed serdev The driver shutdown callback (which sends EDL_SOC_RESET to the device ov…	CWE-416 Use After Free	CVE-2022-48878	2024-08-29 11:39	2024-08-21	Show	GitHub Exploit DB Packet Storm

312917	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path of_icc_get() alloc resources for path1, we should release it whe…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2022-48888	2024-08-29 11:36	2024-08-21	Show	GitHub Exploit DB Packet Storm

312918	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix macsec possible null dereference when updating MAC security entity (SecY) Upon updating MAC security entity (SecY)…	CWE-476 NULL Pointer Dereference	CVE-2022-48882	2024-08-29 11:36	2024-08-21	Show	GitHub Exploit DB Packet Storm

312919	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: sched/core: Fix use-after-free bug in dup_user_cpus_ptr() Since commit 07ec77a1d4e8 ("sched: Allow task CPU affinity to be restri…	CWE-415 CWE-416 Double Free Use After Free	CVE-2022-48892	2024-08-29 11:35	2024-08-21	Show	GitHub Exploit DB Packet Storm

312920	9.8	CRITICAL Network	tenda	g3_firmware	A vulnerability, which was classified as critical, has been found in Tenda G3 15.11.0.20. This issue affects the function formSetDebugCfg of the file /goform/setDebugCfg. The manipulation of the argu…	CWE-787 Out-of-bounds Write	CVE-2024-8224	2024-08-29 09:16	2024-08-28	Show	GitHub Exploit DB Packet Storm

312921	9.8	CRITICAL Network	tenda	g3_firmware	A vulnerability, which was classified as critical, was found in Tenda G3 15.11.0.20. Affected is the function formSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument sysTim…	CWE-787 Out-of-bounds Write	CVE-2024-8225	2024-08-29 09:14	2024-08-28	Show	GitHub Exploit DB Packet Storm

312922	9.8	CRITICAL Network	tenda	o1_firmware	A vulnerability has been found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the arg…	CWE-787 Out-of-bounds Write	CVE-2024-8226	2024-08-29 09:13	2024-08-28	Show	GitHub Exploit DB Packet Storm

312923	9.8	CRITICAL Network	tenda	o1_firmware	A vulnerability was found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument…	CWE-787 Out-of-bounds Write	CVE-2024-8227	2024-08-29 09:12	2024-08-28	Show	GitHub Exploit DB Packet Storm

312924	9.8	CRITICAL Network	tenda	o5_firmware	A vulnerability was found in Tenda O5 1.0.0.8(5017). It has been classified as critical. This affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the a…	CWE-787 Out-of-bounds Write	CVE-2024-8228	2024-08-29 09:11	2024-08-28	Show	GitHub Exploit DB Packet Storm

312925	9.8	CRITICAL Network	tenda	o6_firmware	A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulati…	CWE-787 Out-of-bounds Write	CVE-2024-8229	2024-08-29 09:10	2024-08-28	Show	GitHub Exploit DB Packet Storm

312926	9.8	CRITICAL Network	tenda	o6_firmware	A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been rated as critical. This issue affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the …	CWE-787 Out-of-bounds Write	CVE-2024-8230	2024-08-29 09:08	2024-08-28	Show	GitHub Exploit DB Packet Storm

312927	6.5	MEDIUM Network	zoom	rooms_controller rooms meeting_software_development_kit workplace_virtual_desktop_infrastructure workplace_desktop workplace	Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.	CWE-787 Out-of-bounds Write	CVE-2024-42438	2024-08-29 09:01	2024-08-15	Show	GitHub Exploit DB Packet Storm

312928	6.5	MEDIUM Local	zoom	meeting_software_development_kit workplace_desktop	Untrusted search path in the installer for Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS before 6.1.0 may allow a privileged user to conduct an escalation of privilege via local…	CWE-426 Untrusted Search Path	CVE-2024-42439	2024-08-29 09:00	2024-08-15	Show	GitHub Exploit DB Packet Storm

312929	6.7	MEDIUM Local	zoom	workplace_desktop meeting_software_development_kit rooms	Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct…	NVD-CWE-noinfo	CVE-2024-42440	2024-08-29 08:59	2024-08-15	Show	GitHub Exploit DB Packet Storm

312930	6.7	MEDIUM Local	zoom	workplace_desktop meeting_software_development_kit rooms	Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct…	NVD-CWE-noinfo	CVE-2024-42441	2024-08-29 08:58	2024-08-15	Show	GitHub Exploit DB Packet Storm

312931	8.8	HIGH Network	google	chrome	Type Confusion in V8 in Google Chrome prior to 128.0.6613.113 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	CWE-843 Type Confusion	CVE-2024-7969	2024-08-29 08:15	2024-08-22	Show	GitHub Exploit DB Packet Storm

312932	5.9	MEDIUM Network	ibm	qradar_network_packet_capture	IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit…	CWE-311 Missing Encryption of Sensitive Data	CVE-2024-31905	2024-08-29 07:08	2024-08-16	Show	GitHub Exploit DB Packet Storm

312933	6.2	MEDIUM Local	xpdfreader	xpdf	In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.	CWE-369 CWE-190 Divide By Zero Integer Overflow or Wraparound	CVE-2024-7867	2024-08-29 06:59	2024-08-16	Show	GitHub Exploit DB Packet Storm

312934	9.8	CRITICAL Network	upkeeper	upkeeper_manager	Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.	CWE-307 mproper Restriction of Excessive Authentication Attempts	CVE-2024-42466	2024-08-29 05:48	2024-08-16	Show	GitHub Exploit DB Packet Storm

312935	9.8	CRITICAL Network	upkeeper	upkeeper_manager	Improper Authentication vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Bypass.This issue affects upKeeper Manager: through 5.1.9.	CWE-287 Improper Authentication	CVE-2024-42462	2024-08-29 05:46	2024-08-16	Show	GitHub Exploit DB Packet Storm

312936	6.5	MEDIUM Network	upkeeper	upkeeper_manager	Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue …	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2024-42463	2024-08-29 05:38	2024-08-16	Show	GitHub Exploit DB Packet Storm

312937	6.5	MEDIUM Network	upkeeper	upkeeper_manager	Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product upKeeper Manager allows Utilizing REST's Trust in the System Resource to Obtain Sensitive Data.This issue …	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2024-42464	2024-08-29 05:35	2024-08-16	Show	GitHub Exploit DB Packet Storm

312938	9.8	CRITICAL Network	upkeeper	upkeeper_manager	Improper Restriction of Excessive Authentication Attempts vulnerability in upKeeper Solutions product upKeeper Manager allows Authentication Abuse.This issue affects upKeeper Manager: through 5.1.9.	CWE-307 mproper Restriction of Excessive Authentication Attempts	CVE-2024-42465	2024-08-29 05:32	2024-08-16	Show	GitHub Exploit DB Packet Storm

312939	7.2	HIGH Network	versa-networks	versa_director	The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-39717	2024-08-29 04:47	2024-08-23	Show	GitHub Exploit DB Packet Storm

312940	-	-	-	-	A vulnerability in Pantera CRM versions 401.152 and 402.072 allows unauthorized attackers to bypass IP-based access controls by manipulating the X-Forwarded-For header.	-	CVE-2024-40530	2024-08-29 04:15	2024-08-6	Show	GitHub Exploit DB Packet Storm

312941	8.3	HIGH Network	microsoft	edge_chromium	Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability	NVD-CWE-noinfo	CVE-2024-43472	2024-08-29 04:13	2024-08-17	Show	GitHub Exploit DB Packet Storm

312942	5.3	MEDIUM Network	softlabbd	radio_player	The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_player function in versions up to, and including, 2.0.73. This…	CWE-862 Missing Authorization	CVE-2023-4024	2024-08-29 03:32	2024-08-17	Show	GitHub Exploit DB Packet Storm

312943	5.3	MEDIUM Network	softlabbd	radio_player	The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_player function in versions up to, and including, 2.0.73. This…	CWE-862 Missing Authorization	CVE-2023-4025	2024-08-29 03:30	2024-08-17	Show	GitHub Exploit DB Packet Storm

312944	9.8	CRITICAL Network	alientechnology	alr-f800_firmware	A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been classified as critical. Affected is an unknown function of the file /var/www/cmd.php. The manipulation of the arg…	CWE-285 Improper Authorization	CVE-2024-7578	2024-08-29 03:27	2024-08-7	Show	GitHub Exploit DB Packet Storm

312945	8.8	HIGH Network	alientechnology	alr-f800_firmware	A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. It has been declared as critical. Affected by this vulnerability is the function popen of the file /var/www/cgi-bin/upgrade.c…	CWE-78 OS Command	CVE-2024-7579	2024-08-29 03:26	2024-08-7	Show	GitHub Exploit DB Packet Storm

312946	7.8	HIGH Local	okta	verify	Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5…	CWE-427 Uncontrolled Search Path Element	CVE-2024-7061	2024-08-29 03:25	2024-08-8	Show	GitHub Exploit DB Packet Storm

312947	5.4	MEDIUM Network	opentext	alm_octane	Improper Neutralization vulnerability (XSS) has been discovered in OpenText™ ALM Octane. The vulnerability affects all version prior to version 23.4. The vulnerability could cause remote code executi…	CWE-79 Cross-site Scripting	CVE-2024-6361	2024-08-29 03:17	2024-08-6	Show	GitHub Exploit DB Packet Storm

312948	5.4	MEDIUM Network	zephyr-one	zephyr_project_manager	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dylan James Zephyr Project Manager allows Reflected XSS.This issue affects Zephyr Project …	CWE-79 Cross-site Scripting	CVE-2024-43915	2024-08-29 02:44	2024-08-27	Show	GitHub Exploit DB Packet Storm

312949	7.5	HIGH Network	yanzhenjie	andserver	AndServer 2.1.12 is vulnerable to Directory Traversal.	CWE-22 Path Traversal	CVE-2024-41310	2024-08-29 02:42	2024-08-3	Show	GitHub Exploit DB Packet Storm

312950	-	-	-	-	An SEH-based buffer overflow in the BPQ32 HTTP Server in BPQ32 6.0.24.1 allows remote attackers with access to the Web Terminal to achieve remote code execution via an HTTP POST /TermInput request.	-	CVE-2024-34087	2024-08-29 01:35	2024-08-27	Show	GitHub Exploit DB Packet Storm