NVD Dashboard
CVEs Received and Processed
Time Period | New CVEs Received by NVD | New CVEs Analyzed by NVD | Modified CVEs Received by NVD | Modified CVEs Re-analyzed by NVD |
---|---|---|---|---|
Today | 0 | 0 | 0 | 0 |
This Week | 0 | 177 | 0 | 123 |
This Month | 3358 | 2739 | 0 | 319 |
Last Month | 3491 | 2260 | 0 | 204 |
This Year | 3358 | 2739 | 0 | 319 |
CVE Status Count
Total | 279280 |
Received | 515 |
Awaiting Analysis | 22298 |
Undergoing Analysis | 1179 |
Modified | 229013 |
Rejected | 14652 |
NVD Contains
CVE Vulnerabilities | 279281 |
Checklists | 822 |
US-CERT Alerts | 249 |
US-CERT Vuln Notes | 4486 |
OVAL Queries | 0 |
CPE Names | 1360631 |
CVSS V3 Score Distribution
Severity | Number of Vulns |
---|---|
CRITICAL | 24738 |
HIGH | 66025 |
MEDIUM | 66836 |
LOW | 2784 |
CVSS V2 Score Distribution
Severity | Number of Vulns |
---|---|
HIGH | 56836 |
MEDIUM | 104167 |
LOW | 19074 |
For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2024-29889 - GLPI is a Free Asset and IT Management Software package. Prior to 10.0.15, an authenticated user can exploit a SQL injection vulnerability in the saved searches feature to alter another user account data take control of it. This vulnerability is f... read CVE-2024-29889
Published: May 07, 2024; 10:15:10 AM -0400V3.1: 8.1 HIGH
-
CVE-2024-34547 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.1.34.
Published: May 08, 2024; 8:15:08 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2024-2923 - The Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's text effect widget in all versions up to, and includ... read CVE-2024-2923
Published: May 14, 2024; 11:21:26 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2024-3680 - The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Animation Title widget's img tag in all versions up to, and including, 2.1.5 due to insufficient input sanitizatio... read CVE-2024-3680
Published: May 14, 2024; 11:42:02 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2024-3831 - The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Heading widget in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escap... read CVE-2024-3831
Published: May 14, 2024; 11:42:24 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2024-3989 - The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Gallery Justify Widget in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output esc... read CVE-2024-3989
Published: May 14, 2024; 11:42:39 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2024-4158 - The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tagName’ parameter in versions up to, and including, 2.0.42 due to insufficient input sanitization and output escaping. This makes it possible for authenticated ... read CVE-2024-4158
Published: May 14, 2024; 11:43:00 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2024-4487 - The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG uploads in versions up to, and including, 2.0.45 due to insufficient input sanitization and output escaping. This makes it possible for authenticated a... read CVE-2024-4487
Published: May 14, 2024; 11:43:53 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2023-42496 - Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to ... read CVE-2023-42496
Published: February 20, 2024; 10:15:08 PM -0500V3.1: 6.1 MEDIUM
-
CVE-2023-42498 - Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web... read CVE-2023-42498
Published: February 20, 2024; 10:15:08 PM -0500V3.1: 6.1 MEDIUM
-
CVE-2024-1108 - The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attack... read CVE-2024-1108
Published: February 20, 2024; 10:15:08 PM -0500V3.1: 8.2 HIGH
-
CVE-2024-25603 - Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older un... read CVE-2024-25603
Published: February 20, 2024; 10:15:09 PM -0500V3.1: 5.4 MEDIUM
-
CVE-2024-26266 - Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions ... read CVE-2024-26266
Published: February 20, 2024; 10:15:09 PM -0500V3.1: 5.4 MEDIUM
-
CVE-2024-26269 - Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows rem... read CVE-2024-26269
Published: February 20, 2024; 10:15:09 PM -0500V3.1: 6.1 MEDIUM
-
CVE-2024-25151 - The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notifica... read CVE-2024-25151
Published: February 20, 2024; 11:15:08 PM -0500V3.1: 5.4 MEDIUM
-
CVE-2018-17463 - Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
Published: November 14, 2018; 10:29:00 AM -0500V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
-
CVE-2018-14667 - The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote, unauthenticated attacker could exploit this to execute arbitrary code using a chain of java serialized objects v... read CVE-2018-14667
Published: November 06, 2018; 5:29:00 PM -0500V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
-
CVE-2018-6961 - VMware NSX SD-WAN Edge by VeloCloud prior to version 3.1.0 contains a command injection vulnerability in the local web UI component. This component is disabled by default and should not be enabled on untrusted networks. VeloCloud by VMware will be... read CVE-2018-6961
Published: June 11, 2018; 6:29:00 PM -0400V3.1: 8.1 HIGH
V2.0: 6.8 MEDIUM
-
CVE-2016-9079 - A use-after-free vulnerability in SVG Animation has been discovered. An exploit built on this vulnerability has been discovered in the wild targeting Firefox and Tor Browser users on Windows. This vulnerability affects Firefox < 50.0.2, Firefox ES... read CVE-2016-9079
Published: June 11, 2018; 5:29:01 PM -0400V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
-
CVE-2018-2628 - Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unau... read CVE-2018-2628
Published: April 18, 2018; 10:29:00 PM -0400V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH