U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2023-51369 - Cross-Site Request Forgery (CSRF) vulnerability in SysBasics Customize My Account for WooCommerce.This issue affects Customize My Account for WooCommerce: from n/a through 1.8.3.
    Published: March 15, 2024; 11:15:08 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-25160 - Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker allows Stored XSS. This issue affects Style Tweaker: from n/a through 0.11.
    Published: February 07, 2025; 5:15:21 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2024-7419 - The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This ma... read CVE-2024-7419
    Published: February 07, 2025; 11:15:39 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-9664 - The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Admin... read CVE-2024-9664
    Published: February 07, 2025; 11:15:39 AM -0500

    V3.1: 7.2 HIGH

  • CVE-2024-7425 - The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it p... read CVE-2024-7425
    Published: February 07, 2025; 12:15:30 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2025-25163 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through 3.3.
    Published: February 07, 2025; 5:15:21 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-4807 - A vulnerability, which was classified as critical, has been found in Kashipara College Management System 1.0. This issue affects some unknown processing of the file delete_user.php. The manipulation of the argument id leads to sql injection. The a... read CVE-2024-4807
    Published: May 14, 2024; 11:44:58 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-4905 - A vulnerability classified as critical has been found in Kashipara College Management System 1.0. Affected is an unknown function of the file view_students_each_detail.php. The manipulation of the argument id leads to sql injection. It is possible... read CVE-2024-4905
    Published: May 15, 2024; 2:15:11 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-4808 - A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. Affected is an unknown function of the file delete_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to ... read CVE-2024-4808
    Published: May 14, 2024; 11:44:58 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-5367 - A vulnerability was found in Kashipara College Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file each_extracurricula_activities.php. The manipulation of the argument id leads to cross site ... read CVE-2024-5367
    Published: May 26, 2024; 11:15:08 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-5368 - A vulnerability was found in Kashipara College Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file delete_faculty.php. The manipulation of the argument id leads to cross site scripting. It is p... read CVE-2024-5368
    Published: May 26, 2024; 12:15:08 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-5369 - A vulnerability was found in Kashipara College Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file submit_admin.php. The manipulation of the argument admin_name leads t... read CVE-2024-5369
    Published: May 26, 2024; 1:15:21 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-5370 - A vulnerability was found in Kashipara College Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file submit_enroll_staff.php. The manipulation of the argument class_name leads to ... read CVE-2024-5370
    Published: May 26, 2024; 2:15:08 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-5371 - A vulnerability classified as problematic has been found in Kashipara College Management System 1.0. This affects an unknown part of the file submit_enroll_student.php. The manipulation of the argument class_name leads to cross site scripting. It ... read CVE-2024-5371
    Published: May 26, 2024; 2:15:08 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-4799 - A vulnerability, which was classified as critical, was found in Kashipara College Management System 1.0. This affects an unknown part of the file view_each_faculty.php. The manipulation of the argument id leads to sql injection. It is possible to ... read CVE-2024-4799
    Published: May 14, 2024; 11:44:52 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-4800 - A vulnerability has been found in Kashipara College Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file submit_student.php. The manipulation of the argument date_of_birth leads to sql injection. Th... read CVE-2024-4800
    Published: May 14, 2024; 11:44:53 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-4801 - A vulnerability was found in Kashipara College Management System 1.0 and classified as critical. This issue affects some unknown processing of the file submit_new_faculty.php. The manipulation of the argument address leads to sql injection. The at... read CVE-2024-4801
    Published: May 14, 2024; 11:44:54 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-4802 - A vulnerability was found in Kashipara College Management System 1.0. It has been classified as critical. Affected is an unknown function of the file submit_extracurricular_activity.php. The manipulation of the argument activity_datetime leads to ... read CVE-2024-4802
    Published: May 14, 2024; 11:44:54 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-4803 - A vulnerability was found in Kashipara College Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file submit_admin.php. The manipulation of the argument phone leads to sql in... read CVE-2024-4803
    Published: May 14, 2024; 11:44:55 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-4804 - A vulnerability was found in Kashipara College Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_user.php. The manipulation of the argument id leads to sql injection. The at... read CVE-2024-4804
    Published: May 14, 2024; 11:44:56 AM -0400

    V3.1: 8.8 HIGH

Created September 20, 2022 , Updated August 27, 2024