The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-0625 - The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization an... read CVE-2024-0625
    Published: January 24, 2024; 10:15:07 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2024-0617 - The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for... read CVE-2024-0617
    Published: January 24, 2024; 9:15:53 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2024-22204 - Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-controll... read CVE-2024-22204
    Published: January 23, 2024; 1:15:18 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2023-49783 - Silverstripe Admin provides a basic management interface for the Silverstripe Framework. In versions on the 1.x branch prior to 1.13.19 and on the 2.x branch prior to 2.1.8, users who don't have edit or delete permissions for records exposed in a ... read CVE-2023-49783
    Published: January 23, 2024; 9:15:37 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-48714 - Silverstripe Framework is the framework that forms the base of the Silverstripe content management system. Prior to versions 4.13.39 and 5.1.11, if a user should not be able to see a record, but that record can be added to a `GridField` using the ... read CVE-2023-48714
    Published: January 23, 2024; 9:15:37 AM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-40092 - In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is... read CVE-2023-40092
    Published: December 04, 2023; 6:15:24 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-40091 - In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
    Published: December 04, 2023; 6:15:24 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-40090 - In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. This could lead to remote escalation of privilege with no additional execution privileges needed. User inte... read CVE-2023-40090
    Published: December 04, 2023; 6:15:24 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2023-40089 - In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no add... read CVE-2023-40089
    Published: December 04, 2023; 6:15:24 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-40088 - In callback_thread_event of com_android_bluetooth_btservice_AdapterService.cpp, there is a possible memory corruption due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges nee... read CVE-2023-40088
    Published: December 04, 2023; 6:15:24 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-40096 - In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interacti... read CVE-2023-40096
    Published: December 04, 2023; 6:15:24 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-40097 - In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed f... read CVE-2023-40097
    Published: December 04, 2023; 6:15:24 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-40098 - In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges need... read CVE-2023-40098
    Published: December 04, 2023; 6:15:24 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-40103 - In multiple locations, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
    Published: December 04, 2023; 6:15:24 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-45777 - In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution ... read CVE-2023-45777
    Published: December 04, 2023; 6:15:26 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-45776 - In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e... read CVE-2023-45776
    Published: December 04, 2023; 6:15:26 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-45775 - In CreateAudioBroadcast of broadcaster.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e... read CVE-2023-45775
    Published: December 04, 2023; 6:15:26 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-45774 - In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ... read CVE-2023-45774
    Published: December 04, 2023; 6:15:26 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-45773 - In multiple functions of btm_ble_gap.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
    Published: December 04, 2023; 6:15:26 PM -0500

    V3.1: 7.8 HIGH

  • CVE-2023-40462 - The ACEManager component of ALEOS 4.16 and earlier does not perform input sanitization during authentication, which could potentially result in a Denial of Service (DoS) condition for ACEManager without impairing other router fu... read CVE-2023-40462
    Published: December 04, 2023; 6:15:25 PM -0500

    V3.1: 7.5 HIGH