The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2024-11485 - A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue is some unknown functionality of the file /decoration/admin/userregister.php of the component User Handler. Th...
Published: November 20, 2024; 11:15:19 AM -0500
V3.1: 8.1 HIGH
-
CVE-2024-11484 - A vulnerability classified as critical was found in Code4Berry Decoration Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /decoration/admin/update_image.php of the component User Image Handler. The man...
Published: November 20, 2024; 11:15:19 AM -0500
V3.1: 8.8 HIGH
-
CVE-2024-51208 - File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.
Published: November 20, 2024; 10:15:08 AM -0500
V3.1: 7.2 HIGH
-
CVE-2024-10872 - The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. Thi...
Published: November 20, 2024; 6:15:04 AM -0500
V3.1: 5.4 MEDIUM
-
CVE-2018-9412 - In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
Published: November 19, 2024; 5:15:18 PM -0500
V3.1: 5.5 MEDIUM
-
CVE-2024-6687 - The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible ...
Published: July 31, 2024; 10:15:02 PM -0400
V3.1: 7.5 HIGH
-
CVE-2024-6698 - The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible...
Published: August 01, 2024; 12:15:04 AM -0400
-
CVE-2024-5924 - Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploi...
Published: June 13, 2024; 4:15:16 PM -0400
V3.1: 8.8 HIGH
-
CVE-2018-9411 - In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.
Published: November 19, 2024; 5:15:18 PM -0500
V3.1: 8.8 HIGH
-
CVE-2018-9410 - In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: November 19, 2024; 4:15:05 PM -0500
V3.1: 5.5 MEDIUM
-
CVE-2024-53069 - In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: fix a NULL-pointer dereference Some SCM calls can be invoked with __scm being NULL (the driver may not have been and will not be probed as there's no SCM en...
Published: November 19, 2024; 1:15:26 PM -0500
V3.1: 5.5 MEDIUM
-
CVE-2024-53076 - In the Linux kernel, the following vulnerability has been resolved: iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() If per_time_scales[i] or per_time_gains[i] kcalloc fails in the for loop of iio_gts_bui...
Published: November 19, 2024; 1:15:27 PM -0500
V3.1: 5.5 MEDIUM
-
CVE-2024-53043 - In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet should be dropped. saddr will usually be set by ...
Published: November 19, 2024; 1:15:24 PM -0500
V3.1: 5.5 MEDIUM
-
CVE-2024-50268 - In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() The "*cmd" variable can be controlled by the user via debugfs. That means "new_cam" can be as high ...
Published: November 18, 2024; 9:16:28 PM -0500
V3.1: 7.1 HIGH
-
CVE-2018-9417 - In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published: November 19, 2024; 5:15:18 PM -0500
V3.1: 7.8 HIGH
-
CVE-2018-9419 - In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for expl...
Published: November 19, 2024; 5:15:18 PM -0500
V3.1: 7.5 HIGH
-
CVE-2018-9420 - In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not need...
Published: November 19, 2024; 5:15:19 PM -0500
V3.1: 5.5 MEDIUM
-
CVE-2018-9421 - In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not ...
Published: November 19, 2024; 5:15:19 PM -0500
V3.1: 5.5 MEDIUM
-
CVE-2018-9428 - In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploit...
Published: November 19, 2024; 5:15:19 PM -0500
V3.1: 7.8 HIGH
-
CVE-2024-11589 - A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /expcatedit.php. The manipulation of the argument id leads to sql injection. T...
Published: November 21, 2024; 8:15:06 AM -0500
V3.1: 8.8 HIGH