

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-33820 - Totolink AC1200 Wireless Dual Band Gigabit Router A3002R_V4 Firmware V4.0.0-B20230531.1404 is vulnerable to Buffer Overflow via the formWlEncrypt function of the boa server. Specifically, they exploit the length of the wlan_ssid field triggers the... read CVE-2024-33820
    Published: May 01, 2024; 12:15:07 PM -0400

  • CVE-2024-34506 - An issue was discovered in includes/specials/SpecialMovePage.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousa... read CVE-2024-34506
    Published: May 05, 2024; 3:15:07 PM -0400

  • CVE-2024-34507 - An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7, 1.40.x before 1.40.3, and 1.41.x before 1.41.1. XSS can occur because of mishandling of the 0x1b character, as demonstrated by Special:RecentChanges... read CVE-2024-34507
    Published: May 05, 2024; 3:15:07 PM -0400

  • CVE-2024-34510 - Gradio before 4.20 allows credential leakage on Windows.
    Published: May 05, 2024; 4:15:07 PM -0400

  • CVE-2024-4549 - A denial of service vulnerability exists in Delta Electronics DIAEnergie v1.10.1.8610 and prior. When processing an 'ICS Restart!' message, CEBC.exe restarts the system.
    Published: May 06, 2024; 10:15:08 AM -0400

  • CVE-2024-34470 - An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are pa... read CVE-2024-34470
    Published: May 06, 2024; 11:15:24 AM -0400

  • CVE-2024-34472 - An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An authenticated blind SQL injection vulnerability exists in the mliRealtimeEmails.php file. The ordemGrid parameter in a POST request to /mailinspector/mliRealtimeEmails.php ... read CVE-2024-34472
    Published: May 06, 2024; 11:15:24 AM -0400

  • CVE-2024-33121 - Roothub v2.6 was discovered to contain a SQL injection vulnerability via the 's' parameter in the search() function.
    Published: May 06, 2024; 4:15:11 PM -0400

  • CVE-2024-46540 - A remote code execution (RCE) vulnerability in the component /admin/store.php of Emlog Pro before v2.3.15 allows attackers to use remote file downloads and self-extract functions to upload webshells to the target server, thereby obtaining system p... read CVE-2024-46540
    Published: September 30, 2024; 1:15:04 PM -0400

  • CVE-2024-47913 - An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized t... read CVE-2024-47913
    Published: October 04, 2024; 6:15:02 PM -0400

  • CVE-2023-33538 - TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm.
    Published: June 07, 2023; 12:15:10 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-44068 - An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920. A Use-After-Free in the mobile processor leads to privilege escalation.
    Published: October 07, 2024; 3:15:09 PM -0400

  • CVE-2025-43200 - This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18... read CVE-2025-43200
    Published: June 16, 2025; 6:16:41 PM -0400

  • CVE-2024-46292 - A buffer overflow in modsecurity v3.0.12 allows attackers to cause a Denial of Service (DoS) via a crafted input inserted into the name parameter. NOTE: this is disputed by the Supplier because it cannot be reproduced. Also, the product's document... read CVE-2024-46292
    Published: October 09, 2024; 12:15:04 PM -0400

  • CVE-2024-45184 - An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds w... read CVE-2024-45184
    Published: October 11, 2024; 5:15:06 PM -0400

  • CVE-2024-48700 - Kliqqi-CMS has a background arbitrary code execution vulnerability that attackers can exploit to implant backdoors or getShell via the edit_page.php component.
    Published: October 25, 2024; 2:15:04 PM -0400

  • CVE-2024-48112 - A deserialization vulnerability in the component \controller\Index.php of Thinkphp v6.1.3 to v8.0.4 allows attackers to execute arbitrary code.
    Published: October 30, 2024; 5:15:14 PM -0400

  • CVE-2024-34402 - An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.
    Published: May 02, 2024; 9:15:48 PM -0400

  • CVE-2024-34403 - An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.
    Published: May 02, 2024; 9:15:48 PM -0400

  • CVE-2024-33791 - A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function.
    Published: May 03, 2024; 1:15:08 PM -0400

Created September 20, 2022, Updated August 27, 2024