U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

NVD Dashboard

CVEs Received and Processed

CVEs Received and Processed

Please Wait

Time Period New CVEs Received by NVD New CVEs Analyzed by NVD Modified CVEs Received by NVD Modified CVEs Re-analyzed by NVD
Today {{data.count}}
This Week {{data.count}}
This Month {{data.count}}
Last Month {{data.count}}
This Year {{data.count}}

CVE Status Count

Please Wait

CVE Status Count

{{data.name}} {{data.count}}

CVSS Score Spread

Please Wait

CVSS V3 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}

CVSS V2 Score Distribution

Severity Number of Vulns
{{data.name}} {{data.count}}


For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2023-52217 - Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking.This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.
    Published: June 11, 2024; 6:15:11 AM -0400

    V3.1: 6.3 MEDIUM

  • CVE-2024-24704 - Missing Authorization vulnerability in AddonMaster Load More Anything.This issue affects Load More Anything: from n/a through 3.3.3.
    Published: June 11, 2024; 6:15:12 AM -0400

    V3.1: 6.3 MEDIUM

  • CVE-2024-34824 - Missing Authorization vulnerability in ThemeBoy SportsPress – Sports Club & League Manager.This issue affects SportsPress – Sports Club & League Manager: from n/a through 2.7.20.
    Published: June 11, 2024; 6:15:12 AM -0400

    V3.1: 6.3 MEDIUM

  • CVE-2024-35716 - Missing Authorization vulnerability in Copymatic Copymatic – AI Content Writer & Generator.This issue affects Copymatic – AI Content Writer & Generator: from n/a through 1.9.
    Published: June 11, 2024; 6:15:13 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-35692 - Missing Authorization vulnerability in Termly Cookie Consent.This issue affects Cookie Consent: from n/a through 3.2.
    Published: June 11, 2024; 6:15:12 AM -0400

    V3.1: 7.3 HIGH

  • CVE-2024-5171 - Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer... read CVE-2024-5171
    Published: June 05, 2024; 4:15:13 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-5663 - The Cards for Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Cards widget in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied at... read CVE-2024-5663
    Published: June 07, 2024; 11:15:48 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-4898 - The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it possible ... read CVE-2024-4898
    Published: June 12, 2024; 7:15:50 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-4845 - The Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘options[list_id]’ parameter in all versions up to, and including, 5.7.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio... read CVE-2024-4845
    Published: June 12, 2024; 6:15:31 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-2092 - The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Twitter Widget in all versions up to, and including, 1.13.3 due to insufficient input sanitization and output escaping on user supplied... read CVE-2024-2092
    Published: June 12, 2024; 6:15:30 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-1766 - The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for au... read CVE-2024-1766
    Published: June 12, 2024; 7:15:50 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2022-48849 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: bypass tiling flag check in virtual display case (v2) vkms leverages common amdgpu framebuffer creation, and also as it does not support FB modifier, there is no nee... read CVE-2022-48849
    Published: July 16, 2024; 9:15:12 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-48850 - In the Linux kernel, the following vulnerability has been resolved: net-sysfs: add check for netdevice being present to speed_show When bringing down the netdevice or system shutdown, a panic can be triggered while accessing the sysfs path becau... read CVE-2022-48850
    Published: July 16, 2024; 9:15:12 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-48853 - In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMA_FROM_DEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1)... read CVE-2022-48853
    Published: July 16, 2024; 9:15:12 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-48851 - In the Linux kernel, the following vulnerability has been resolved: staging: gdm724x: fix use after free in gdm_lte_rx() The netif_rx_ni() function frees the skb so we can't dereference it to save the skb->len.
    Published: July 16, 2024; 9:15:12 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-48852 - In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind On bind we will register the HDMI codec device but we don't unregister it on unbind, leading to a device leakage. Unregister our... read CVE-2022-48852
    Published: July 16, 2024; 9:15:12 AM -0400

    V3.1: 3.3 LOW

  • CVE-2022-48854 - In the Linux kernel, the following vulnerability has been resolved: net: arc_emac: Fix use after free in arc_mdio_probe() If bus->state is equal to MDIOBUS_ALLOCATED, mdiobus_free(bus) will free the "bus". But bus->name is still used in the next... read CVE-2022-48854
    Published: July 16, 2024; 9:15:12 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-48855 - In the Linux kernel, the following vulnerability has been resolved: sctp: fix kernel-infoleak for SCTP sockets syzbot reported a kernel infoleak [1] of 4 bytes. After analysis, it turned out r->idiag_expires is not initialized if inet_sctp_diag... read CVE-2022-48855
    Published: July 16, 2024; 9:15:12 AM -0400

    V3.1: 7.1 HIGH

  • CVE-2022-48856 - In the Linux kernel, the following vulnerability has been resolved: gianfar: ethtool: Fix refcount leak in gfar_get_ts_info The of_find_compatible_node() function returns a node pointer with refcount incremented, We should use of_node_put() on i... read CVE-2022-48856
    Published: July 16, 2024; 9:15:12 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-48857 - In the Linux kernel, the following vulnerability has been resolved: NFC: port100: fix use-after-free in port100_send_complete Syzbot reported UAF in port100_send_complete(). The root case is in missing usb_kill_urb() calls on error handling path... read CVE-2022-48857
    Published: July 16, 2024; 9:15:12 AM -0400

    V3.1: 5.5 MEDIUM