NOTICE UPDATED - May 29th, 2024

The NVD has a new announcement page with status updates, news, and how to stay connected!


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-6340 - The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 4.10.35 due to insufficient input sanitization and output escaping on user s...
    Published: July 03, 2024; 4:15:10 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-2235 - The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack
    Published: July 03, 2024; 2:15:03 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-2375 - The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks
    Published: July 03, 2024; 2:15:03 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-2376 - The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
    Published: July 03, 2024; 2:15:03 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-4482 - The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 5.6.1 due to i...
    Published: July 03, 2024; 4:15:09 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-6263 - The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for auth...
    Published: July 03, 2024; 4:15:10 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-4543 - The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for...
    Published: July 03, 2024; 1:15:10 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-2040 - The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack
    Published: July 03, 2024; 2:15:02 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-2233 - The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group
    Published: July 03, 2024; 2:15:03 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-2234 - The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks
    Published: July 03, 2024; 2:15:03 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-39143 - A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1 that allows a low-privilege user to create malicious property content with HTML inside which acts as a stored XSS payload.
    Published: July 02, 2024; 10:15:13 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-37185 - in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
    Published: July 02, 2024; 5:15:19 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-37077 - in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
    Published: July 02, 2024; 5:15:19 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-37030 - in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through use after free.
    Published: July 02, 2024; 5:15:18 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-36278 - in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.
    Published: July 02, 2024; 5:15:18 AM -0400

    V3.1: 3.3 LOW

  • CVE-2024-36260 - in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds write.
    Published: July 02, 2024; 5:15:18 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-36243 - in OpenHarmony v4.0.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps through out-of-bounds read and write.
    Published: July 02, 2024; 5:15:18 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-31071 - in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.
    Published: July 02, 2024; 5:15:18 AM -0400

    V3.1: 3.3 LOW

  • CVE-2024-37134 - Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access.
    Published: July 02, 2024; 4:15:05 AM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2024-37133 - Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to unauthorized gain of root-level access.
    Published: July 02, 2024; 4:15:05 AM -0400

    V3.1: 6.7 MEDIUM

Created September 20, 2022, Updated June 27, 2024