
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-45987 - Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vo...
    Published: September 26, 2024; 2:15:08 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-41715 - The goTenna Pro ATAK Plugin has a payload length vulnerability that makes it possible to tell the length of the payload regardless of the encryption used.
    Published: September 26, 2024; 2:15:05 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-8318 - The Attributes for Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘attributesForBlocks’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes ...
    Published: September 04, 2024; 4:15:03 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-23640 - Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension. This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6.
    Published: June 09, 2024; 6:15:09 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-31294 - Missing Authorization vulnerability in Fahad Mahmood WP Sort Order. This issue affects WP Sort Order: from n/a through 1.3.1.
    Published: June 09, 2024; 5:15:11 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-31246 - Missing Authorization vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid. This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through 3.2.3.
    Published: June 09, 2024; 5:15:11 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-31098 - Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce. This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2.
    Published: June 09, 2024; 5:15:11 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-24142 - Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.
    Published: February 13, 2024; 4:15:08 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-23639 - Missing Authorization vulnerability in MainWP MainWP Staging Extension. This issue affects MainWP Staging Extension: from n/a through 4.0.3.
    Published: June 09, 2024; 6:15:08 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-47128 - The goTenna Pro broadcast key name is always sent unencrypted and could reveal the location of operation.
    Published: September 26, 2024; 2:15:09 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-47125 - The goTenna Pro series does not authenticate public keys which allows an unauthenticated attacker to intercept and manipulate messages.
    Published: September 26, 2024; 2:15:09 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-8922 - The Product Enquiry for WooCommerce, WooCommerce product catalog plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.33.32 via deserialization of untrusted input in enquiry_detail.php. This makes it...
    Published: September 27, 2024; 2:15:12 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-6931 - The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via RSVP name field in all versions up to, and including, 6.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauth...
    Published: September 27, 2024; 5:15:04 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-8681 - The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Media Grid widget in all versions up to, and including, 4.10.52 due to insufficient input sanitization and output escaping on user ...
    Published: September 27, 2024; 3:15:05 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-8965 - The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This make...
    Published: September 27, 2024; 2:15:13 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-28948 - Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.
    Published: September 27, 2024; 2:15:04 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-8991 - The OSM – OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's osm_map and osm_map_v3 shortcodes in all versions up to, and including, 6.1.0 due to insufficient input sanitization and output escaping on ...
    Published: September 27, 2024; 3:15:05 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-9359 - A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /addcompany.php. The manipulation of the argument company leads to sql inject...
    Published: September 30, 2024; 10:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-9360 - A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possi...
    Published: September 30, 2024; 11:15:02 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-9049 - The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Group module in all versions up to, and including, 2.8.3.6 due to insufficient input sanitization and output esca...
    Published: September 27, 2024; 3:15:06 AM -0400

    V3.1: 5.4 MEDIUM

Created September 20, 2022, Updated August 27, 2024