NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 10, 2026, 4:58 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
313151	9.8	CRITICAL Network	d3dsecurity	d8801_firmware	An issue in D3D Security D3D IP Camera (D8801) v.V9.1.17.1.4-20180428 allows a local attacker to execute arbitrary code via a crafted payload	NVD-CWE-noinfo	CVE-2024-41623	2024-08-24 00:35	2024-08-13	Show	GitHub Exploit DB Packet Storm

313152	-	-	-	-	A Stored Cross Site Scripting (XSS) vulnerability was found in "/view_type.php" of Kashipara Live Membership System v1.0, which allows remote attackers to execute arbitrary code via membershipType pa…	-	CVE-2024-40487	2024-08-24 00:35	2024-08-12	Show	GitHub Exploit DB Packet Storm

313153	-	-	-	-	In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux k…	-	CVE-2023-50810	2024-08-24 00:35	2024-08-12	Show	GitHub Exploit DB Packet Storm

313154	7.2	HIGH Network	mattermost	mattermost	Mattermost versions 9.9.x <= 9.9.1, 9.5.x <= 9.5.7, 9.10.x <= 9.10.0 and 9.8.x <= 9.8.2 fail to restrict which roles can promote a user as system admin which allows a System Role with edit access to …	NVD-CWE-Other	CVE-2024-8071	2024-08-24 00:34	2024-08-22	Show	GitHub Exploit DB Packet Storm

313155	6.5	MEDIUM Network	ibm	openpages_with_watson openpages_grc_platform	IBM OpenPages with Watson 8.3 and 9.0 could allow authenticated users access to sensitive information through improper authorization controls on APIs.	CWE-306 Missing Authentication for Critical Function	CVE-2024-35151	2024-08-24 00:32	2024-08-22	Show	GitHub Exploit DB Packet Storm

313156	5.9	MEDIUM Network	ibm	sterling_connect_direct_web_services	IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.…	CWE-311 Missing Encryption of Sensitive Data	CVE-2024-39746	2024-08-24 00:25	2024-08-22	Show	GitHub Exploit DB Packet Storm

313157	7.5	HIGH Network	ibm	sterling_connect_direct_web_services	IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.	CWE-327 Use of a Broken or Risky Cryptographic Algorithm	CVE-2024-39745	2024-08-24 00:25	2024-08-22	Show	GitHub Exploit DB Packet Storm

313158	4.3	MEDIUM Network	ibm	sterling_connect_direct_web_services	IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted fro…	CWE-352 Origin Validation Error	CVE-2024-39744	2024-08-24 00:25	2024-08-22	Show	GitHub Exploit DB Packet Storm

313159	5.3	MEDIUM Network	youdiancms	youdiancms	A vulnerability, which was classified as problematic, has been found in YouDianCMS 7. This issue affects some unknown processing of the file /t.php?action=phpinfo. The manipulation leads to informati…	NVD-CWE-noinfo	CVE-2024-7328	2024-08-24 00:25	2024-08-1	Show	GitHub Exploit DB Packet Storm

313160	5.4	MEDIUM Network	cisco	identity_services_engine	A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due…	CWE-79 Cross-site Scripting	CVE-2024-20443	2024-08-24 00:18	2024-08-8	Show	GitHub Exploit DB Packet Storm

313161	4.8	MEDIUM Network	cisco	identity_services_engine	A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due…	CWE-79 Cross-site Scripting	CVE-2024-20479	2024-08-24 00:14	2024-08-8	Show	GitHub Exploit DB Packet Storm

313162	5.3	MEDIUM Network	hp	instantos	Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results…	NVD-CWE-noinfo	CVE-2024-42396	2024-08-24 00:07	2024-08-7	Show	GitHub Exploit DB Packet Storm

313163	5.3	MEDIUM Network	arubanetworks hp	arubaos instantos	Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to…	NVD-CWE-noinfo	CVE-2024-42400	2024-08-24 00:06	2024-08-7	Show	GitHub Exploit DB Packet Storm

313164	5.3	MEDIUM Network	arubanetworks hp	arubaos instantos	Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to…	NVD-CWE-noinfo	CVE-2024-42399	2024-08-24 00:06	2024-08-7	Show	GitHub Exploit DB Packet Storm

313165	5.3	MEDIUM Network	arubanetworks hp	arubaos instantos	Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the Soft AP daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to…	NVD-CWE-noinfo	CVE-2024-42398	2024-08-24 00:06	2024-08-7	Show	GitHub Exploit DB Packet Storm

313166	5.3	MEDIUM Network	hp	instantos	Multiple unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Certificate Management daemon accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results…	NVD-CWE-noinfo	CVE-2024-42397	2024-08-24 00:06	2024-08-7	Show	GitHub Exploit DB Packet Storm

313167	4.3	MEDIUM Network	mattermost	mattermost	Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6 fail to properly validate synced reactions, when shared channels are enabled, which allows a malicious remote to create arbitrary reactions on arbit…	NVD-CWE-noinfo	CVE-2024-29977	2024-08-23 23:52	2024-08-2	Show	GitHub Exploit DB Packet Storm

313168	6.4	MEDIUM Network	mattermost	mattermost	Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to disallow the modification of local users when syncing users in shared channels. which allows a malicious rem…	NVD-CWE-noinfo	CVE-2024-36492	2024-08-23 23:51	2024-08-2	Show	GitHub Exploit DB Packet Storm

313169	6.5	MEDIUM Network	mattermost	mattermost	Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to properly validate that the channel that comes from the sync message is a shared channel, when shared chan…	NVD-CWE-noinfo	CVE-2024-39274	2024-08-23 23:39	2024-08-2	Show	GitHub Exploit DB Packet Storm

313170	9.6	CRITICAL Network	mattermost	mattermost	Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow unsolicited invites to expose access to local channels, when shared channels are enabled, which …	NVD-CWE-noinfo	CVE-2024-39777	2024-08-23 23:36	2024-08-2	Show	GitHub Exploit DB Packet Storm

313171	8.7	HIGH Network	mattermost	mattermost	Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5, 9.8.x <= 9.8.1 fail to properly safeguard an error handling which allows a malicious remote to permanently delete local data by abu…	CWE-754 Improper Check for Unusual or Exceptional Conditions	CVE-2024-39832	2024-08-23 23:35	2024-08-2	Show	GitHub Exploit DB Packet Storm

313172	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside state checks If the state is not idle then resolve_prepare_src() should immed…	CWE-416 Use After Free	CVE-2022-48925	2024-08-23 11:07	2024-08-22	Show	GitHub Exploit DB Packet Storm

313173	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: iio: adc: tsc2046: fix memory corruption by preventing array overflow On one side we have indio_dev->num_channels includes all ph…	CWE-787 Out-of-bounds Write	CVE-2022-48927	2024-08-23 11:05	2024-08-22	Show	GitHub Exploit DB Packet Storm

313174	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: add spinlock for rndis response list There's no lock for rndis response list. It could cause list corruption …	NVD-CWE-noinfo	CVE-2022-48926	2024-08-23 11:05	2024-08-22	Show	GitHub Exploit DB Packet Storm

313175	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel f…	CWE-125 Out-of-bounds Read	CVE-2022-48929	2024-08-23 11:00	2024-08-22	Show	GitHub Exploit DB Packet Storm

313176	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is lef…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2022-48928	2024-08-23 10:58	2024-08-22	Show	GitHub Exploit DB Packet Storm

313177	4.7	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() …	CWE-362 Race Condition	CVE-2022-48931	2024-08-23 10:54	2024-08-22	Show	GitHub Exploit DB Packet Storm

313178	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and s…	CWE-667 Improper Locking	CVE-2022-48930	2024-08-23 10:51	2024-08-22	Show	GitHub Exploit DB Packet Storm

313179	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update stateful objects can be updated from the control plane. The tran…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2022-48933	2024-08-23 10:50	2024-08-22	Show	GitHub Exploit DB Packet Storm

313180	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte When adding a rule with 32 destinations, we hit the following out-…	CWE-125 Out-of-bounds Read	CVE-2022-48932	2024-08-23 10:48	2024-08-22	Show	GitHub Exploit DB Packet Storm

313181	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unregister flowtable hooks on netns exit Unregister flowtable hooks before they are releases via nf_tables_…	CWE-416 Use After Free	CVE-2022-48935	2024-08-23 10:45	2024-08-22	Show	GitHub Exploit DB Packet Storm

313182	-	-	-	-	An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a me…	-	CVE-2024-45167	2024-08-23 05:35	2024-08-22	Show	GitHub Exploit DB Packet Storm

313183	7.8	HIGH Local	google	chrome	Insufficient data validation in Installer in Google Chrome on Windows prior to 128.0.6613.84 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity…	NVD-CWE-noinfo	CVE-2024-7977	2024-08-23 05:35	2024-08-22	Show	GitHub Exploit DB Packet Storm

313184	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_…	CWE-401 Missing Release of Memory after Effective Lifetime	CVE-2022-48934	2024-08-23 05:33	2024-08-22	Show	GitHub Exploit DB Packet Storm

313185	3.3	LOW Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: io_uring: add a schedule point in io_add_buffers() Looping ~65535 times doing kmalloc() calls can trigger soft lockups, especiall…	CWE-667 Improper Locking	CVE-2022-48937	2024-08-23 04:07	2024-08-22	Show	GitHub Exploit DB Packet Storm

313186	3.3	LOW Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1…	CWE-834 Excessive Iteration	CVE-2022-48939	2024-08-23 04:02	2024-08-22	Show	GitHub Exploit DB Packet Storm

313187	4.7	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ice: fix concurrent reset and removal of VFs Commit c503e63200c6 ("ice: Stop processing VF messages during teardown") introduced …	CWE-362 Race Condition	CVE-2022-48941	2024-08-23 03:41	2024-08-22	Show	GitHub Exploit DB Packet Storm

313188	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to incorrect copy_map_value When both bpf_spin_lock and bpf_timer are present in a BPF map value, copy_map_val…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2022-48940	2024-08-23 03:37	2024-08-22	Show	GitHub Exploit DB Packet Storm

313189	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvm_arch_c…	NVD-CWE-noinfo	CVE-2022-48943	2024-08-23 03:27	2024-08-22	Show	GitHub Exploit DB Packet Storm

313190	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: hwmon: Handle failure to register sensor with thermal zone correctly If an attempt is made to a sensor with a thermal zone and it…	CWE-476 NULL Pointer Dereference	CVE-2022-48942	2024-08-23 03:25	2024-08-22	Show	GitHub Exploit DB Packet Storm

313191	-	-	-	-	SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these r…	-	CVE-2024-42598	2024-08-23 03:15	2024-08-21	Show	GitHub Exploit DB Packet Storm

313192	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: dma: fix call order in dmam_free_coherent dmam_free_coherent() frees a DMA allocation, which makes the freed vaddr available for …	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2024-43856	2024-08-23 02:57	2024-08-17	Show	GitHub Exploit DB Packet Storm

313193	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: md: fix deadlock between mddev_suspend and flush bio Deadlock occurs when mddev is being suspended while some flush bio is in pro…	CWE-476 NULL Pointer Dereference	CVE-2024-43855	2024-08-23 02:48	2024-08-17	Show	GitHub Exploit DB Packet Storm

313194	8.8	HIGH Network	lopalopa	music_management_system	An Unrestricted file upload vulnerability was found in "/music/ajax.php?action=save_playlist" in Kashipara Music Management System v1.0. This allows attackers to execute arbitrary code via uploading …	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-42778	2024-08-23 02:46	2024-08-22	Show	GitHub Exploit DB Packet Storm

313195	4.3	MEDIUM Network	google	chrome	Inappropriate implementation in Permissions in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)	NVD-CWE-noinfo	CVE-2024-7975	2024-08-23 02:40	2024-08-22	Show	GitHub Exploit DB Packet Storm

313196	7.8	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: jfs: Fix array-index-out-of-bounds in diFree	CWE-129 Improper Validation of Array Index	CVE-2024-43858	2024-08-23 02:40	2024-08-17	Show	GitHub Exploit DB Packet Storm

313197	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null reference error when checking end of zone This patch fixes a potentially null pointer being accessed by is_end_zon…	CWE-476 NULL Pointer Dereference	CVE-2024-43857	2024-08-23 02:38	2024-08-17	Show	GitHub Exploit DB Packet Storm

313198	4.3	MEDIUM Network	google	chrome	Inappropriate implementation in Views in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)	NVD-CWE-noinfo	CVE-2024-7981	2024-08-23 02:36	2024-08-22	Show	GitHub Exploit DB Packet Storm

313199	4.3	MEDIUM Network	google	chrome	Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: L…	NVD-CWE-noinfo	CVE-2024-8034	2024-08-23 02:35	2024-08-22	Show	GitHub Exploit DB Packet Storm

313200	4.3	MEDIUM Network	google	chrome	Inappropriate implementation in Extensions in Google Chrome on Windows prior to 128.0.6613.84 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Lo…	NVD-CWE-noinfo	CVE-2024-8035	2024-08-23 02:33	2024-08-22	Show	GitHub Exploit DB Packet Storm