U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2024-41858 - InCopy versions 18.5.2, 19.4 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that... read CVE-2024-41858
    Published: August 14, 2024; 5:15:12 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-39322 - aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configurati... read CVE-2024-39322
    Published: July 02, 2024; 5:15:10 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-22524 - dnspod-sr 0dfbd37 is vulnerable to buffer overflow.
    Published: June 06, 2024; 6:15:10 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-22525 - dnspod-sr 0dfbd37 contains a SEGV.
    Published: June 06, 2024; 6:15:10 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-2288 - A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attacke... read CVE-2024-2288
    Published: June 06, 2024; 3:15:54 PM -0400

    V3.1: 8.3 HIGH

  • CVE-2024-3104 - A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the `POST /api/system/update-en... read CVE-2024-3104
    Published: June 06, 2024; 2:15:17 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-3408 - man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to for... read CVE-2024-3408
    Published: June 06, 2024; 3:16:01 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-3110 - A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize an... read CVE-2024-3110
    Published: June 06, 2024; 3:15:59 PM -0400

    V3.1: 8.7 HIGH

  • CVE-2024-22326 - IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection.   IBM X-Fo... read CVE-2024-22326
    Published: June 06, 2024; 3:15:52 PM -0400

    V3.1: 6.3 MEDIUM

  • CVE-2024-37154 - Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via `ClawbackVestingAccount`. This affects 18.1.0 an... read CVE-2024-37154
    Published: June 06, 2024; 3:15:58 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-24880 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS.This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2.
    Published: February 08, 2024; 7:15:56 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-37153 - Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the... read CVE-2024-37153
    Published: June 06, 2024; 3:15:58 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-24879 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS.This issue affects Link Library: from n/a through 7.5.13.
    Published: February 08, 2024; 7:15:55 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2024-36735 - OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating.
    Published: June 06, 2024; 3:15:58 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-9974 - A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php?f=add_to_card of the component POST Request Handler. T... read CVE-2024-9974
    Published: October 15, 2024; 6:15:04 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-9973 - A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report Viewing Page. The manipulation of the argument date l... read CVE-2024-9973
    Published: October 15, 2024; 6:15:04 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-36730 - Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter.
    Published: June 06, 2024; 3:15:57 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-9813 - A vulnerability, which was classified as critical, has been found in Codezips Pharmacy Management System 1.0. This issue affects some unknown processing of the file product/register.php. The manipulation of the argument category leads to sql injec... read CVE-2024-9813
    Published: October 10, 2024; 5:15:05 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-9812 - A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated r... read CVE-2024-9812
    Published: October 10, 2024; 5:15:05 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-9811 - A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. This affects an unknown part of the file filter3.php. The manipulation of the argument company leads to sql injection. It is possible to init... read CVE-2024-9811
    Published: October 10, 2024; 5:15:05 PM -0400

    V3.1: 9.8 CRITICAL

Created September 20, 2022 , Updated August 27, 2024