U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
The letters N V D typed out in binary
New 2.0 APIs
Emphasis on APIs for web automation
2022-23 Change Timeline
Icon for CISA Known Exploited Vulnerabilities Catalog Announcement
New Parameters

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2023-7113 - Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client.
    Published: December 29, 2023; 8:15:11 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-7114 - Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server.
    Published: December 29, 2023; 8:15:12 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-51410 - Unrestricted Upload of File with Dangerous Type vulnerability in WPVibes WP Mail Log.This issue affects WP Mail Log: from n/a through 1.1.2.
    Published: December 29, 2023; 9:15:46 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-51411 - Unrestricted Upload of File with Dangerous Type vulnerability in Shabti Kaplan Frontend Admin by DynamiApps.This issue affects Frontend Admin by DynamiApps: from n/a through 3.18.3.
    Published: December 29, 2023; 9:15:46 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-51412 - Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.25.
    Published: December 29, 2023; 9:15:46 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-51417 - Unrestricted Upload of File with Dangerous Type vulnerability in Joris van Montfort JVM Gutenberg Rich Text Icons.This issue affects JVM Gutenberg Rich Text Icons: from n/a through 1.2.3.
    Published: December 29, 2023; 9:15:46 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-51419 - Unrestricted Upload of File with Dangerous Type vulnerability in Bertha.Ai BERTHA AI. Your AI co-pilot for WordPress and Chrome.This issue affects BERTHA AI. Your AI co-pilot for WordPress and Chrome: from n/a through 1.11.10.7.
    Published: December 29, 2023; 9:15:47 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-51541 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Uroševi? Stock Ticker allows Stored XSS.This issue affects Stock Ticker: from n/a through 3.23.4.
    Published: December 29, 2023; 6:15:11 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-51399 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a through 1.6.3.
    Published: December 29, 2023; 6:15:10 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-51397 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.This issue affects WP Remote Site Search: from n/a through 1.0.4.
    Published: December 29, 2023; 6:15:10 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-51396 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy – Page Builder allows Stored XSS.This issue affects Brizy – Page Builder: from n/a through 2.4.29.
    Published: December 29, 2023; 6:15:10 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-51374 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS.This issue affects ZeroBounce Email Verification & Validation: from n/a t... read CVE-2023-51374
    Published: December 29, 2023; 6:15:10 AM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2023-51373 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS.This issue affects Google Photos Gallery with Shortcodes: from n/a throu... read CVE-2023-51373
    Published: December 29, 2023; 6:15:09 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-51372 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS.This issue affects HashBar – WordPress Notification Bar: from n/a through 1.4.1.
    Published: December 29, 2023; 6:15:09 AM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2023-52135 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form LITE – Drag & Drop Contact Form Builder for Word... read CVE-2023-52135
    Published: December 29, 2023; 6:15:11 AM -0500

    V3.1: 7.2 HIGH

  • CVE-2023-51371 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messenger, Live Chat Support Chat Button, WeChat, SMS,... read CVE-2023-51371
    Published: December 29, 2023; 6:15:09 AM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2023-51361 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button allows Stored XSS.This iss... read CVE-2023-51361
    Published: December 29, 2023; 6:15:09 AM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2023-41813 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FM... read CVE-2023-41813
    Published: December 29, 2023; 7:15:43 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-41814 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is possible to carry out XSS attacks when the user ... read CVE-2023-41814
    Published: December 29, 2023; 7:15:43 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-41815 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the File Manager section. This issue affects Pandora FM... read CVE-2023-41815
    Published: December 29, 2023; 7:15:43 AM -0500

    V3.1: 6.1 MEDIUM