NVD Dashboard

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-10229 - Inappropriate implementation in Extensions in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)
    Published: October 22, 2024; 6:15:03 PM -0400

    V3.1: 8.1 HIGH

  • CVE-2024-10230 - Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    Published: October 22, 2024; 6:15:03 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-10231 - Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
    Published: October 22, 2024; 6:15:04 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-40493 - Null Pointer Dereference in `coap_client_exchange_blockwise2` function in Keith Cullen FreeCoAP 1.0 allows remote attackers to cause a denial of service and potentially execute arbitrary code via a specially crafted CoAP packet that causes `coap_m... read CVE-2024-40493
    Published: October 22, 2024; 6:15:04 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-44812 - SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component.
    Published: October 22, 2024; 6:15:05 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-48415 - itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page.
    Published: October 22, 2024; 6:15:05 PM -0400

    V3.1: 5.0 MEDIUM

  • CVE-2024-9947 - The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.11.1. This is due to insufficient verification on the user being returned by the social login token. This makes it possible fo... read CVE-2024-9947
    Published: October 23, 2024; 3:15:04 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-48652 - Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows a remote attacker to execute arbitrary code via the content group name field.
    Published: October 22, 2024; 6:15:06 PM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2024-8500 - The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 7.2.2 due to insufficient input sanitization and output escaping. Thi... read CVE-2024-8500
    Published: October 23, 2024; 7:15:13 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-10250 - The Nioland theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in all versions up to, and including, 1.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate... read CVE-2024-10250
    Published: October 23, 2024; 10:15:04 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2023-6606 - An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.
    Published: December 08, 2023; 12:15:07 PM -0500

    V3.1: 7.1 HIGH

  • CVE-2024-30160 - A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validat... read CVE-2024-30160
    Published: October 21, 2024; 5:15:05 PM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2024-30159 - A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a Stored Cross-Site Scripting (XSS) attack due to insufficient validation of user... read CVE-2024-30159
    Published: October 21, 2024; 5:15:05 PM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2024-9829 - The Download Plugin plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on the 'dpwap_handle_download_user' and 'dpwap_handle_download_comment' functions in all versions up to, and including, 2.2.0.... read CVE-2024-9829
    Published: October 23, 2024; 2:15:11 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-30158 - A vulnerability in the web conferencing component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A successful... read CVE-2024-30158
    Published: October 21, 2024; 5:15:04 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2024-9927 - The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via order proposal in all versions up to and including 2.0.5. This is due to the improper implementation of allow_payment_without_login function. This makes ... read CVE-2024-9927
    Published: October 22, 2024; 10:15:07 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2024-30157 - A vulnerability in the Suite Applications Services component of Mitel MiCollab through 9.7.1.110 could allow an authenticated attacker with administrative privileges to conduct a SQL Injection attack due to insufficient validation of user input. A... read CVE-2024-30157
    Published: October 21, 2024; 5:15:04 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2024-9583 - The RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the wprss_ajax_send_premium_support function in all versions u... read CVE-2024-9583
    Published: October 23, 2024; 3:15:03 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-48926 - Umbraco, a free and open source .NET content management system, has an insufficient session expiration issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. The Backoffice displays the logout page wi... read CVE-2024-48926
    Published: October 22, 2024; 12:15:08 PM -0400

    V3.1: 3.1 LOW

  • CVE-2024-48927 - Umbraco, a free and open source .NET content management system, has a remote code execution issue in versions on the 13.x branch prior to 13.5.2, 10.x prior to 10.8.7, and 8.x prior to 8.18.15. There is a potential risk of code execution for Backo... read CVE-2024-48927
    Published: October 22, 2024; 12:15:08 PM -0400

    V3.1: 4.6 MEDIUM