
NOTICE UPDATED - May, 29th 2024

The NVD has a new announcement page with status updates, news, and how to stay connected!


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-30072 - Microsoft Event Trace Log File Parsing Remote Code Execution Vulnerability
    Published: June 11, 2024; 1:15:53 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-30070 - DHCP Server Service Denial of Service Vulnerability
    Published: June 11, 2024; 1:15:53 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-30069 - Windows Remote Access Connection Manager Information Disclosure Vulnerability
    Published: June 11, 2024; 1:15:53 PM -0400

    V3.1: 4.7 MEDIUM

  • CVE-2024-30075 - Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
    Published: June 11, 2024; 1:15:54 PM -0400

    V3.1: 8.0 HIGH

  • CVE-2024-30074 - Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability
    Published: June 11, 2024; 1:15:54 PM -0400

    V3.1: 8.0 HIGH

  • CVE-2024-30068 - Windows Kernel Elevation of Privilege Vulnerability
    Published: June 11, 2024; 1:15:53 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-6120 - The Sparkle Demo Importer plugin for WordPress is vulnerable to unauthorized database reset and demo data import due to a missing capability check on the multiple functions in all versions up to and including 1.4.7. This makes it possible for auth...
    Published: June 21, 2024; 8:15:09 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-2484 - The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Services and Post Type Grid widgets in all versions up to, and including, 2.10.34 due to insufficient input sanitization and output escaping. This...
    Published: June 21, 2024; 10:15:44 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-4313 - The Table Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible...
    Published: June 21, 2024; 10:15:45 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-5346 - The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the UX Countdown, Video Button, UX Video, UX Slider, UX Sidebar, and UX Payment Icons shortcodes in all versions up to, and including, 3.18.7 due to insufficient inp...
    Published: June 21, 2024; 10:15:45 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-5791 - The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processA...
    Published: June 21, 2024; 10:15:45 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-5965 - The Mosaic theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This m...
    Published: June 22, 2024; 12:15:12 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-5966 - The Grey Opaque theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the theme's Download-Button shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output esc...
    Published: June 22, 2024; 12:15:12 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-21514 - This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Di...
    Published: June 22, 2024; 1:15:09 AM -0400

    V3.1: 8.1 HIGH

  • CVE-2024-21515 - This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously...
    Published: June 22, 2024; 1:15:10 AM -0400

    V3.1: 4.7 MEDIUM

  • CVE-2024-21516 - This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a...
    Published: June 22, 2024; 1:15:10 AM -0400

    V3.1: 4.7 MEDIUM

  • CVE-2024-21517 - This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As th...
    Published: June 22, 2024; 1:15:11 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-21518 - This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesyste...
    Published: June 22, 2024; 1:15:11 AM -0400

    V3.1: 7.2 HIGH

  • CVE-2024-21519 - This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create ...
    Published: June 22, 2024; 1:15:11 AM -0400

    V3.1: 7.2 HIGH

  • CVE-2024-6241 - A vulnerability was found in Pear Admin Boot up to 2.0.2 and classified as critical. This issue affects the function getDictItems of the file /system/dictData/getDictItems/. The manipulation with the input ,user(),1,1 leads to sql injection. The a...
    Published: June 21, 2024; 1:15:11 PM -0400

    V3.1: 9.8 CRITICAL

Created September 20, 2022, Updated May 29, 2024