NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 11, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
312951	-	-	-	-	An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file.	-	CVE-2024-42845	2024-08-29 01:35	2024-08-24	Show	GitHub Exploit DB Packet Storm

312952	9.8	CRITICAL Network	hitachienergy	microscada_x_sys600	The product exposes a service that is intended for local only to all network interfaces without any authentication.	CWE-306 Missing Authentication for Critical Function	CVE-2024-7940	2024-08-29 01:24	2024-08-27	Show	GitHub Exploit DB Packet Storm

312953	9.8	CRITICAL Network	-	-	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.	-	CVE-2024-35326	2024-08-29 01:15	2024-06-14	Show	GitHub Exploit DB Packet Storm

312954	9.8	CRITICAL Network	-	-	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.	-	CVE-2024-35325	2024-08-29 01:15	2024-06-14	Show	GitHub Exploit DB Packet Storm

312955	7.5	HIGH Network	-	-	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.	-	CVE-2024-35328	2024-08-29 01:15	2024-06-14	Show	GitHub Exploit DB Packet Storm

312956	-	-	-	-	Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.	-	CVE-2024-35329	2024-08-29 01:15	2024-06-11	Show	GitHub Exploit DB Packet Storm

312957	8.8	HIGH Network	casbin	casdoor	Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, a logic vulnerability exists in the beego filter CorsFilter that allows any…	CWE-697 Incorrect Comparison	CVE-2024-41657	2024-08-29 01:13	2024-08-21	Show	GitHub Exploit DB Packet Storm

312958	6.1	MEDIUM Network	casbin	casdoor	Casdoor is a UI-first Identity and Access Management (IAM) / Single-Sign-On (SSO) platform. In Casdoor 1.577.0 and earlier, he purchase URL that is created to generate a WechatPay QR code is vulnera…	CWE-79 Cross-site Scripting	CVE-2024-41658	2024-08-29 01:08	2024-08-21	Show	GitHub Exploit DB Packet Storm

312959	-	-	-	-	The Quiz and Survey Master (QSM) WordPress plugin before 9.1.1 fails to validate and escape certain Quiz fields before displaying them on a page or post where the Quiz is embedded, which could allow…	-	CVE-2024-6879	2024-08-29 00:35	2024-08-26	Show	GitHub Exploit DB Packet Storm

312960	7.5	HIGH Network	hex-rays	ida_pro	ida64.dll in Hex-Rays IDA Pro through 8.4 crashes when there is a section that has many jumps linked, and the final jump corresponds to the payload from where the actual entry point will be invoked. …	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2024-44083	2024-08-29 00:15	2024-08-19	Show	GitHub Exploit DB Packet Storm

312961	-	-	-	-	A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges	-	CVE-2022-39997	2024-08-28 23:35	2024-08-28	Show	GitHub Exploit DB Packet Storm

312962	8.8	HIGH Network	apache	hertzbeat	Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in /api/monitors/import. This vulnerability is fixed in 1.6.0.	CWE-502 Deserialization of Untrusted Data	CVE-2024-42362	2024-08-28 22:49	2024-08-21	Show	GitHub Exploit DB Packet Storm

312963	9.8	CRITICAL Network	apache	hertzbeat	Hertzbeat is an open source, real-time monitoring system. Hertzbeat 1.6.0 and earlier declares a /api/monitor/{monitorId}/metric/{metricFull} endpoint to download job metrics. In the process, it exec…	CWE-89 SQL Injection	CVE-2024-42361	2024-08-28 22:49	2024-08-21	Show	GitHub Exploit DB Packet Storm

312964	-	-	-	-	Hydra is a Continuous Integration service for Nix based projects. It is possible to trigger evaluations in Hydra without any authentication. Depending on the size of evaluations, this can impact the …	-	CVE-2024-45049	2024-08-28 21:57	2024-08-28	Show	GitHub Exploit DB Packet Storm

312965	-	-	-	-	Meshtastic device firmware is a firmware for meshtastic devices to run an open source, off-grid, decentralized, mesh network built to run on affordable, low-power devices. Meshtastic device firmware …	-	CVE-2024-45038	2024-08-28 21:57	2024-08-28	Show	GitHub Exploit DB Packet Storm

312966	-	-	-	-	A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extens…	-	CVE-2024-5814	2024-08-28 21:57	2024-08-28	Show	GitHub Exploit DB Packet Storm

312967	-	-	-	-	An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with…	-	CVE-2024-5288	2024-08-28 21:57	2024-08-28	Show	GitHub Exploit DB Packet Storm

312968	-	-	-	-	The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormati…	-	CVE-2024-45037	2024-08-28 21:57	2024-08-28	Show	GitHub Exploit DB Packet Storm

312969	-	-	-	-	Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Meaning k = r mod n. The divisio…	-	CVE-2024-1544	2024-08-28 21:57	2024-08-28	Show	GitHub Exploit DB Packet Storm

312970	-	-	-	-	An authenticated user can download sensitive files from NX, EX, FX, AX, IVX, and CMS using path traversal for the URL of network anomaly download_artifact.	CWE-35 Path Traversal: '.../...//'	CVE-2024-7608	2024-08-28 18:15	2024-08-27	Show	GitHub Exploit DB Packet Storm

312971	-	-	-	-	Dell Client Platform BIOS contains a Use of Default Cryptographic Key Vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Secure Boot…	CWE-1392 Use of Default Credentials	CVE-2024-39584	2024-08-28 15:15	2024-08-28	Show	GitHub Exploit DB Packet Storm

312972	-	-	-	-	Dell Dock Firmware and Dell Client Platform contain an Improper Link Resolution vulnerability during installation resulting in arbitrary folder deletion, which could lead to Privilege Escalation or D…	CWE-59 Link Following	CVE-2023-43078	2024-08-28 15:15	2024-08-28	Show	GitHub Exploit DB Packet Storm

312973	5.3	MEDIUM Network	-	-	The Mollie Payments for WooCommerce plugin for WordPress is vulnerable to information exposure in all versions up to, and including, 7.7.0. This is due to the error reporting being enabled by default…	CWE-200 Information Exposure	CVE-2024-6448	2024-08-28 13:15	2024-08-28	Show	GitHub Exploit DB Packet Storm

312974	9.8	CRITICAL Network	-	-	The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via de…	-	CVE-2024-8030	2024-08-28 12:15	2024-08-28	Show	GitHub Exploit DB Packet Storm

312975	5.3	MEDIUM Network	-	-	The Relevanssi Live Ajax Search plugin for WordPress is vulnerable to argument injection in all versions up to, and including, 2.4. This is due to insufficient validation of input supplied via POST d…	-	CVE-2024-7573	2024-08-28 12:15	2024-08-28	Show	GitHub Exploit DB Packet Storm

312976	-	-	-	-	A Reflected Cross Site Scripting (XSS) vulnerability was found in "/music/controller.php?page=test" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute ar…	-	CVE-2024-42789	2024-08-28 05:35	2024-08-27	Show	GitHub Exploit DB Packet Storm

312977	-	-	-	-	A SQL Injection vulnerability exists in the Graph Template component in Centreon Web 24.04.x before 24.04.3, 23.10.x before 23.10.13, 23.04.x before 23.04.19, and 22.10.x before 22.10.23.	-	CVE-2024-33854	2024-08-28 05:35	2024-08-24	Show	GitHub Exploit DB Packet Storm

312978	4.3	MEDIUM Network	google	chrome	Inappropriate implementation in WebApp Installs in Google Chrome on Windows prior to 128.0.6613.84 allowed an attacker who convinced a user to install a malicious application to perform UI spoofing v…	NVD-CWE-noinfo	CVE-2024-8033	2024-08-28 04:39	2024-08-22	Show	GitHub Exploit DB Packet Storm

312979	7.5	HIGH	progress	whatsup_gold	Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.	NVD-CWE-Other	CVE-2004-0798	2024-08-28 02:48	2004-10-20	Show	GitHub Exploit DB Packet Storm

312980	5.0	MEDIUM	ipswitch progress	whatsup_gold	The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated…	NVD-CWE-Other	CVE-2004-0799	2024-08-28 02:48	2004-10-20	Show	GitHub Exploit DB Packet Storm

312981	-	-	-	-	There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in login path.	-	CVE-2024-39097	2024-08-28 01:35	2024-08-27	Show	GitHub Exploit DB Packet Storm

312982	8.8	HIGH Local	catonetworks	cato_client	Cato Networks Windows SDP Client Local root certificates can be installed by low-privileged users.This issue affects SDP Client: before 5.10.28.	NVD-CWE-noinfo	CVE-2024-6978	2024-08-28 01:17	2024-08-1	Show	GitHub Exploit DB Packet Storm

312983	9.8	CRITICAL Network	kevinwong	payroll_management_system	A vulnerability classified as critical was found in itsourcecode Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of t…	CWE-89 SQL Injection	CVE-2024-8081	2024-08-28 01:12	2024-08-23	Show	GitHub Exploit DB Packet Storm

312984	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debu…	CWE-416 Use After Free	CVE-2022-48913	2024-08-28 01:12	2024-08-22	Show	GitHub Exploit DB Packet Storm

312985	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been release…	CWE-416 Use After Free	CVE-2022-48912	2024-08-28 01:12	2024-08-22	Show	GitHub Exploit DB Packet Storm

312986	4.8	MEDIUM Network	oretnom23	online_computer_and_laptop_store	A vulnerability, which was classified as problematic, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /php-ocls/classes/SystemSettings.php?f…	CWE-79 Cross-site Scripting	CVE-2024-8084	2024-08-28 01:11	2024-08-23	Show	GitHub Exploit DB Packet Storm

312987	8.8	HIGH Network	oretnom23	online_computer_and_laptop_store	A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /php-ocls/cl…	CWE-89 SQL Injection	CVE-2024-8083	2024-08-28 01:11	2024-08-23	Show	GitHub Exploit DB Packet Storm

312988	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 ("ACPI: OSL: Allow Notify () ha…	CWE-476 NULL Pointer Dereference	CVE-2024-44937	2024-08-28 01:10	2024-08-26	Show	GitHub Exploit DB Packet Storm

312989	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC syzbot reports a f2fs bug as below: ------------[ cut h…	NVD-CWE-noinfo	CVE-2024-44942	2024-08-28 01:09	2024-08-26	Show	GitHub Exploit DB Packet Storm

312990	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: sctp: Fix null-ptr-deref in reuseport_add_sock(). syzbot reported a null-ptr-deref while accessing sk2->sk_reuseport_cb in reusep…	CWE-476 NULL Pointer Dereference	CVE-2024-44935	2024-08-28 01:09	2024-08-26	Show	GitHub Exploit DB Packet Storm

312991	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: bnxt_en : Fix memory out-of-bounds in bnxt_fill_hw_rss_tbl() A recent commit has modified the code in __bnxt_reserve_rings() to s…	CWE-787 Out-of-bounds Write	CVE-2024-44933	2024-08-28 01:08	2024-08-26	Show	GitHub Exploit DB Packet Storm

312992	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs f…	CWE-416 Use After Free	CVE-2024-44932	2024-08-28 01:08	2024-08-26	Show	GitHub Exploit DB Packet Storm

312993	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: net: bridge: mcast: wait for previous gc cycles when removing port syzbot hit a use-after-free[1] which is caused because the bri…	CWE-416 Use After Free	CVE-2024-44934	2024-08-28 01:07	2024-08-26	Show	GitHub Exploit DB Packet Storm

312994	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400_notify() It is easy to hit the below memory leaks in my TigerLake platform: unrefer…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2022-48924	2024-08-28 01:07	2024-08-22	Show	GitHub Exploit DB Packet Storm

312995	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if the th…	CWE-476 NULL Pointer Dereference	CVE-2022-48915	2024-08-28 01:07	2024-08-22	Show	GitHub Exploit DB Packet Storm

312996	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call dea…	CWE-415 Double Free	CVE-2022-48919	2024-08-28 01:07	2024-08-22	Show	GitHub Exploit DB Packet Storm

312997	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: check debugfs_dir ptr before use When "debugfs=off" is used on the kernel command line, iwiwifi's mvm module uses a…	CWE-476 NULL Pointer Dereference	CVE-2022-48918	2024-08-28 01:07	2024-08-22	Show	GitHub Exploit DB Packet Storm

312998	9.8	CRITICAL Network	fastcom	fw300r_firmware	A stack overflow in FAST FW300R v1.3.13 Build 141023 Rel.61347n allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted file path.	CWE-787 Out-of-bounds Write	CVE-2024-41285	2024-08-28 01:03	2024-08-27	Show	GitHub Exploit DB Packet Storm

312999	9.8	CRITICAL Network	angeljudesuarez	tailoring_management_system	A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file staffcatedit.php. The manipulation of the argumen…	CWE-89 SQL Injection	CVE-2024-8171	2024-08-28 01:02	2024-08-27	Show	GitHub Exploit DB Packet Storm

313000	9.8	CRITICAL Network	rems	zipped_folder_manager_app	A vulnerability classified as problematic has been found in SourceCodester Zipped Folder Manager App 1.0. This affects an unknown part of the file /endpoint/add-folder.php. The manipulation of the ar…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-8170	2024-08-28 01:02	2024-08-27	Show	GitHub Exploit DB Packet Storm