U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2024-10841 - A vulnerability classified as critical was found in romadebrian WEB-Sekolah 1.0. Affected by this vulnerability is an unknown functionality of the file /Proses_Kirim.php of the component Mail Handler. The manipulation of the argument Name leads to... read CVE-2024-10841
    Published: November 05, 2024; 9:15:14 AM -0500

    V3.1: 8.0 HIGH

  • CVE-2024-10840 - A vulnerability classified as problematic has been found in romadebrian WEB-Sekolah 1.0. Affected is an unknown function of the file /Admin/akun_edit.php of the component Backend. The manipulation of the argument kode leads to cross site scripting... read CVE-2024-10840
    Published: November 05, 2024; 8:15:03 AM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2024-10842 - A vulnerability, which was classified as problematic, has been found in romadebrian WEB-Sekolah 1.0. Affected by this issue is some unknown functionality of the file /Admin/Proses_Edit_Akun.php of the component Backend. The manipulation of the arg... read CVE-2024-10842
    Published: November 05, 2024; 9:15:14 AM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2024-10844 - A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file search.php. The manipulation of the argument s leads to sql injection. It is possible to initia... read CVE-2024-10844
    Published: November 05, 2024; 10:15:22 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-10845 - A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_detail.php. The manipulation of the argument id leads to sql injection. The attack... read CVE-2024-10845
    Published: November 05, 2024; 10:15:22 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-30122 - HCL Sametime is impacted by misconfigured security related HTTP headers. It was identified that some HTTP headers were missing on web service responses. This will lead to less secure browser default treatment for the policies controlled by these h... read CVE-2024-30122
    Published: October 23, 2024; 11:15:30 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-49370 - Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior... read CVE-2024-49370
    Published: October 23, 2024; 11:15:31 AM -0400

    V3.1: 4.9 MEDIUM

  • CVE-2024-49675 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Vitalii Bryl iBryl Switch User allows Authentication Bypass.This issue affects iBryl Switch User: from n/a through 1.0.1.
    Published: October 23, 2024; 11:15:32 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-47253 - In 2N Access Commander versions 3.1.1.2 and prior, a Path Traversal vulnerability could allow an attacker with administrative privileges to write files on the filesystem and potentially achieve arbitrary remote code execution. This vulnerability c... read CVE-2024-47253
    Published: November 05, 2024; 5:20:03 AM -0500

    V3.1: 7.2 HIGH

  • CVE-2024-47255 - In 2N Access Commander versions 3.1.1.2 and prior, a local attacker can escalate their privileges in the system which could allow for arbitrary code execution with root permissions.
    Published: November 05, 2024; 5:20:05 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2024-47254 - In 2N Access Commander versions 3.1.1.2 and prior, an Insufficient Verification of Data Authenticity vulnerability could allow an attacker to escalate their privileges and gain root access to the system.
    Published: November 05, 2024; 5:20:04 AM -0500

    V3.1: 7.2 HIGH

  • CVE-2024-51683 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Gangolf Custom post type templates for Elementor allows Stored XSS.This issue affects Custom post type templates for Elementor: fr... read CVE-2024-51683
    Published: November 04, 2024; 10:15:24 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-51682 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Builder – WordPress Theme Builder for Elementor allows Stored XSS.This issue affects HT Builder – WordPress Theme Builder for... read CVE-2024-51682
    Published: November 04, 2024; 10:15:23 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-51681 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Stored XSS.This issue affects WP Pocket URLs: from n/a through 1.0.3.
    Published: November 04, 2024; 10:15:23 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-51680 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CrestaProject – Rizzo Andrea Cresta Addons for Elementor allows Stored XSS.This issue affects Cresta Addons for Elementor: from n/a throug... read CVE-2024-51680
    Published: November 04, 2024; 10:15:23 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-51678 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marcel Pol Elo Rating Shortcode allows Stored XSS.This issue affects Elo Rating Shortcode: from n/a through 1.0.3.
    Published: November 04, 2024; 10:15:23 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-51677 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WebberZone Knowledge Base allows Stored XSS.This issue affects Knowledge Base: from n/a through 2.2.0.
    Published: November 04, 2024; 10:15:22 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-51626 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mansur Ahamed Woocommerce Quote Calculator allows Blind SQL Injection.This issue affects Woocommerce Quote Calculator: from n/a through 1.1.
    Published: November 04, 2024; 10:15:22 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-51672 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPDeveloper BetterLinks allows SQL Injection.This issue affects BetterLinks: from n/a through 2.1.7.
    Published: November 04, 2024; 9:15:17 AM -0500

    V3.1: 7.2 HIGH

  • CVE-2024-51665 - Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor allows Server Side Request Forgery.This issue affects Magical Addons For Elementor: from n/a through 1.2.1.
    Published: November 04, 2024; 9:15:16 AM -0500

    V3.1: 4.3 MEDIUM

Created September 20, 2022 , Updated August 27, 2024