NVD Dashboard

CVEs Received and Processed

Time Period New CVEs Received by NVD New CVEs Analyzed by NVD Modified CVEs Received by NVD Modified CVEs Re-analyzed by NVD
Today 0000
This Week 01770123
This Month 335827390319
Last Month 349122600204
This Year 335827390319

CVE Status Count

Total 279280
Received 515
Awaiting Analysis 22298
Undergoing Analysis 1179
Modified 229013
Rejected 14652

CVSS Score Spread

CVSS V3 Score Distribution

Severity Number of Vulns
CRITICAL 24738
HIGH 66025
MEDIUM 66836
LOW 2784

CVSS V2 Score Distribution

Severity Number of Vulns
HIGH 56836
MEDIUM 104167
LOW 19074


For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-29889 - GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user's account data and take control of it. This vulnerability is f...
    Published: May 07, 2024; 10:15:10 AM -0400

    V3.1: 8.1 HIGH

  • CVE-2024-34547 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS. This issue affects Magical Addons For Elementor: from n/a through 1.1.34.
    Published: May 08, 2024; 8:15:08 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-2923 - The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, and includ...
    Published: May 14, 2024; 11:21:26 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-3680 - The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitizatio...
    Published: May 14, 2024; 11:42:02 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-3831 - The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escap...
    Published: May 14, 2024; 11:42:24 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-3989 - The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output esc...
    Published: May 14, 2024; 11:42:39 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-4158 - The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ...
    Published: May 14, 2024; 11:43:00 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-4487 - The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a...
    Published: May 14, 2024; 11:43:53 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-42496 - Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to ...
    Published: February 20, 2024; 10:15:08 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-42498 - Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web...
    Published: February 20, 2024; 10:15:08 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2024-1108 - The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attack...
    Published: February 20, 2024; 10:15:08 PM -0500

    V3.1: 8.2 HIGH

  • CVE-2024-25603 - Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older un...
    Published: February 20, 2024; 10:15:09 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-26266 - Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions ...
    Published: February 20, 2024; 10:15:09 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-26269 - Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows rem...
    Published: February 20, 2024; 10:15:09 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2024-25151 - The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notifica...
    Published: February 20, 2024; 11:15:08 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2018-17463 - Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
    Published: November 14, 2018; 10:29:00 AM -0500

    V3.1: 8.8 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2018-14667 - The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects v...
    Published: November 06, 2018; 5:29:00 PM -0500

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH

  • CVE-2018-6961 - VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be...
    Published: June 11, 2018; 6:29:00 PM -0400

    V3.1: 8.1 HIGH
    V2.0: 6.8 MEDIUM

  • CVE-2016-9079 - A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ES...
    Published: June 11, 2018; 5:29:01 PM -0400

    V3.1: 7.5 HIGH
    V2.0: 5.0 MEDIUM

  • CVE-2018-2628 - Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unau...
    Published: April 18, 2018; 10:29:00 PM -0400

    V3.1: 9.8 CRITICAL
    V2.0: 7.5 HIGH