The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
- CVE-2024-33595 - Missing Authorization vulnerability in Jewel Theme Master Addons for Elementor. This issue affects Master Addons for Elementor: from n/a through 2.0.5.4.1.
  Published: April 29, 2024; 6:15:08 AM -0400
  V3.1: 8.8 HIGH
- CVE-2024-4785 - BT: Missing Check in LL_CONNECTION_UPDATE_IND Packet Leads to Division by Zero
  Published: August 19, 2024; 6:15:05 PM -0400
  V3.1: 6.5 MEDIUM
- CVE-2024-3883 - The 3D FlipBook plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Bookmark URL field in all versions up to, and including, 1.15.4 due to insufficient input sanitization and output escaping. This makes it possible for authen...
  Published: May 02, 2024; 5:15:07 AM -0400
  V3.1: 5.4 MEDIUM
- CVE-2024-8798 - No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c.
  Published: December 15, 2024; 7:15:05 PM -0500
  V3.1: 6.5 MEDIUM
- CVE-2024-11263 - When the Global Pointer (GP) relative addressing is enabled (CONFIG_RISCV_GP=y), the gp reg points at 0x800 bytes past the start of the .sdata section which is then used by the linker to relax accesses to global symbols.
  Published: November 15, 2024; 6:15:10 PM -0500
  V3.1: 8.4 HIGH
- CVE-2024-3957 - The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depen...
  Published: May 02, 2024; 1:15:32 PM -0400
  V3.1: 7.3 HIGH
- CVE-2025-21672 - In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace[1]. This is because if argc is less than 0 and the function returns dir...
  Published: January 31, 2025; 7:15:28 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2025-21683 - In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_sk_select_reuseport() memory leak As pointed out in the original comment, lookup in sockmap can return a TCP ESTABLISHED socket. Such TCP socket may have had SO_ATT...
  Published: January 31, 2025; 7:15:29 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2025-21667 - In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a 32-bit position due to folio_next_index() returni...
  Published: January 31, 2025; 7:15:27 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2025-21666 - In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Recent reports have shown how we sometimes call vsock_*_has_data() when a vsock socket has been de-assigned from a t...
  Published: January 31, 2025; 7:15:27 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2025-21665 - In the Linux kernel, the following vulnerability has been resolved: filemap: avoid truncating 64-bit offset to 32 bits On 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a 64-bit value to 32 bits, leading to a possible infini...
  Published: January 31, 2025; 7:15:27 AM -0500
  V3.1: 5.5 MEDIUM
- CVE-2023-7060 - Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address.
  Published: March 15, 2024; 3:15:07 PM -0400
  V3.1: 7.5 HIGH
- CVE-2024-25626 - Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Projects Bitbake before 2.6.2 (before and included Yocto Project 4.3.1), with the Toast...
  Published: February 19, 2024; 3:15:45 PM -0500
  V3.1: 9.8 CRITICAL
- CVE-2025-20638 - In DA, there is a possible read of uninitialized heap data due to uninitialized data. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interacti...
  Published: February 02, 2025; 11:15:08 PM -0500
  V3.1: 4.3 MEDIUM
- CVE-2025-20636 - In secmem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Pat...
  Published: February 02, 2025; 11:15:08 PM -0500
  V3.1: 6.7 MEDIUM
- CVE-2023-32873 - In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08583919...
  Published: May 05, 2024; 11:15:09 PM -0400
  V3.1: 6.7 MEDIUM
- CVE-2024-20129 - In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881...
  Published: December 01, 2024; 11:15:05 PM -0500
  V3.1: 7.5 HIGH
- CVE-2024-20141 - In V5 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction i...
  Published: February 02, 2025; 11:15:07 PM -0500
  V3.1: 6.6 MEDIUM
- CVE-2024-20111 - In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09065033; Issue...
  Published: November 03, 2024; 9:15:16 PM -0500
  V3.1: 6.7 MEDIUM
- CVE-2024-4092 - The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for ...
  Published: May 02, 2024; 1:15:34 PM -0400
  V3.1: 5.4 MEDIUM