U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2024-9416 - The Modula Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions <= 5.0.36) due to insufficient input sanitization and output escaping on user supplied attrib... read CVE-2024-9416
    Published: April 03, 2025; 9:15:42 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-12853 - The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attac... read CVE-2024-12853
    Published: January 08, 2025; 5:15:06 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-56045 - Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.
    Published: December 31, 2024; 9:15:24 AM -0500

  • CVE-2025-49925 - Missing Authorization vulnerability in VibeThemes WPLMS wplms_plugin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through <= 1.9.9.7.
    Published: October 22, 2025; 11:15:38 AM -0400

  • CVE-2024-56047 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3.
    Published: December 18, 2024; 2:15:12 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-56048 - Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through 1.9.9.
    Published: December 18, 2024; 2:15:12 PM -0500

  • CVE-2024-56049 - Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2.
    Published: December 18, 2024; 2:15:12 PM -0500

  • CVE-2024-56050 - Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3.
    Published: December 18, 2024; 2:15:12 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-56051 - Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection.This issue affects WPLMS: from n/a before 1.9.9.5.
    Published: December 18, 2024; 2:15:12 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-53447 - In the Linux kernel, the following vulnerability has been resolved: f2fs: don't reset unchangable mount option in f2fs_remount() syzbot reports a bug as below: general protection fault, probably for non-canonical address 0xdffffc0000000009: 000... read CVE-2023-53447
    Published: September 18, 2025; 12:15:49 PM -0400

    V3.1: 4.7 MEDIUM

  • CVE-2023-53446 - In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free Struct pcie_link_state->downstream is a pointer to the pci_dev of function 0. Previously we retained that... read CVE-2023-53446
    Published: September 18, 2025; 12:15:48 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-53445 - In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix a refcount bug in qrtr_recvmsg() Syzbot reported a bug as following: refcount_t: addition on 0; use-after-free. ... RIP: 0010:refcount_warn_saturate+0x17c/0x1f0 ... read CVE-2023-53445
    Published: September 18, 2025; 12:15:48 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-53444 - In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix bulk_move corruption when adding a entry When the resource is the first in the bulk_move range, adding it again (thus moving it to the tail) will corrupt the list s... read CVE-2023-53444
    Published: September 18, 2025; 12:15:48 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-53443 - In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak In arizona_clk32k_enable(), we should use pm_runtime_resume_and_get() as pm_runtime_get_sync() will increase... read CVE-2023-53443
    Published: September 18, 2025; 12:15:48 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-53439 - In the Linux kernel, the following vulnerability has been resolved: net: skb_partial_csum_set() fix against transport header magic value skb->transport_header uses the special 0xFFFF value to mark if the transport header was set or not. We must... read CVE-2023-53439
    Published: September 18, 2025; 12:15:48 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-53434 - In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_dsp_rproc: Add custom memory copy implementation for i.MX DSP Cores The IRAM is part of the HiFi DSP. According to hardware specification only 32-bits write are ... read CVE-2023-53434
    Published: September 18, 2025; 12:15:47 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-53433 - In the Linux kernel, the following vulnerability has been resolved: net: add vlan_get_protocol_and_depth() helper Before blamed commit, pskb_may_pull() was used instead of skb_header_pointer() in __vlan_get_protocol() and friends. Few callers d... read CVE-2023-53433
    Published: September 18, 2025; 12:15:47 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-58241 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Disable works on hci_unregister_dev This make use of disable_work_* on hci_unregister_dev since the hci_dev is about to be freed new submissions are not dis... read CVE-2024-58241
    Published: September 24, 2025; 7:15:31 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-39859 - In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog The ptp_ocp_detach() only shuts down the watchdog timer if it is pending. However, if the timer handler is already ... read CVE-2025-39859
    Published: September 19, 2025; 12:15:44 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-39858 - In the Linux kernel, the following vulnerability has been resolved: eth: mlx4: Fix IS_ERR() vs NULL check bug in mlx4_en_create_rx_ring Replace NULL check with IS_ERR() check after calling page_pool_create() since this function returns error poi... read CVE-2025-39858
    Published: September 19, 2025; 12:15:44 PM -0400

    V3.1: 5.5 MEDIUM

Created September 20, 2022 , Updated August 27, 2024