NOTICE UPDATED - May 29th, 2024

The NVD has a new announcement page with status updates, news, and how to stay connected!


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2024-5943 - The Nested Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.7. This is due to missing or incorrect nonce validation on the 'settingsPage' function and missing sanitization of the 'tab'...
    Published: July 04, 2024; 8:15:03 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-6434 - The Premium Addons for Elementor plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 4.10.35. This is due to processing user-supplied input as a regular expression. This makes it...
    Published: July 04, 2024; 5:15:05 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-6319 - The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with contribu...
    Published: July 04, 2024; 5:15:05 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-6318 - The IMGspider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload_img_file' function in all versions up to, and including, 2.3.10. This makes it possible for authenticated attackers, with...
    Published: July 04, 2024; 5:15:04 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-5641 - The One Click Order Re-Order plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ced_ocor_save_general_setting' function in all versions up to, and including, 1.1.9. This makes it possi...
    Published: July 04, 2024; 4:15:01 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-3639 - The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Posts Grid widget in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user s...
    Published: July 04, 2024; 12:15:16 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-3638 - The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Marquee Text Widget, Testimonials Widget, and Testimonial Slider widgets in all versions up to, and including, 8.3.7 due to insuffi...
    Published: July 04, 2024; 12:15:15 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-2926 - The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied att...
    Published: July 04, 2024; 12:15:14 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-2385 - The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.3.7 via several of the plugin's widgets through the 'style' attribute. This makes it possible for authenticated att...
    Published: July 04, 2024; 12:15:14 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-34589 - Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
    Published: July 02, 2024; 6:15:07 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-34588 - Improper input validation in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
    Published: July 02, 2024; 6:15:06 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-34587 - Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vu...
    Published: July 02, 2024; 6:15:06 AM -0400

    V3.1: 6.8 MEDIUM

  • CVE-2024-34586 - Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy.
    Published: July 02, 2024; 6:15:06 AM -0400

    V3.1: 3.3 LOW

  • CVE-2024-34585 - Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
    Published: July 02, 2024; 6:15:06 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-34583 - Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.
    Published: July 02, 2024; 6:15:06 AM -0400

    V3.1: 3.3 LOW

  • CVE-2024-20901 - Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory.
    Published: July 02, 2024; 6:15:05 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-20899 - Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
    Published: July 02, 2024; 6:15:05 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-20900 - Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.
    Published: July 02, 2024; 6:15:05 AM -0400

    V3.1: 3.3 LOW

  • CVE-2024-20898 - Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
    Published: July 02, 2024; 6:15:05 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-6427 - Uncontrolled Resource Consumption vulnerability in MESbook 20221021.03 version. An unauthenticated remote attacker can use the "message" parameter to inject a payload with dangerous JavaScript code, causing the application to loop requests on itse...
    Published: July 03, 2024; 8:15:03 AM -0400

    V3.1: 7.5 HIGH

Created September 20, 2022, Updated June 27, 2024