The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-22151 - Missing Authorization vulnerability in Codection Import and export users and customers. This issue affects Import and export users and customers: from n/a through 1.24.6.
    Published: June 08, 2024; 1:15:42 PM -0400

  • CVE-2024-37070 - IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system.
    Published: November 19, 2024; 3:15:30 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2024-5208 - An uncontrolled resource consumption vulnerability exists in the `upload-link` endpoint of mintplex-labs/anything-llm. This vulnerability allows attackers to cause a denial of service (DOS) by shutting down the server through sending invalid uploa...
    Published: June 19, 2024; 2:15:11 AM -0400

  • CVE-2024-10813 - The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for ...
    Published: November 22, 2024; 11:15:07 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2024-10873 - The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the _load_template function. This makes it possible for authenticated attackers, with Contributor-le...
    Published: November 23, 2024; 12:15:06 AM -0500

  • CVE-2024-10880 - The JobBoardWP – Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and includin...
    Published: November 23, 2024; 12:15:06 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2024-11188 - The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and...
    Published: November 23, 2024; 1:15:17 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2024-9659 - The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function in all versions up to, and including, 91.5.0. This makes...
    Published: November 23, 2024; 3:15:03 AM -0500

  • CVE-2024-9660 - The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and includi...
    Published: November 23, 2024; 3:15:04 AM -0500

  • CVE-2024-10519 - The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wtab' parameter in versions 3.0.8 to 3.1.2 due to insufficient input sanitization and output escaping. Thi...
    Published: November 23, 2024; 5:15:03 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2024-10542 - The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to,...
    Published: November 26, 2024; 1:15:07 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2024-10781 - The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to a missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and ...
    Published: November 26, 2024; 1:15:08 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2024-12596 - The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. This make...
    Published: December 17, 2024; 11:15:08 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2025-2290 - The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to Unauthenticated Post Trashing due to a missing capability check on the delete_access_plan function and the related AJAX calls in all versions up ...
    Published: March 19, 2025; 1:15:41 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-12713 - The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it ...
    Published: January 07, 2025; 11:15:06 PM -0500

    V3.1: 5.3 MEDIUM

  • CVE-2025-6691 - The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.7.3. This ...
    Published: July 09, 2025; 2:15:23 AM -0400

    V3.1: 8.1 HIGH

  • CVE-2025-6742 - The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.7.3 via the use of file_exists() in the delete_entry_files() function without restriction o...
    Published: July 09, 2025; 2:15:25 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-10100 - A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on t...
    Published: October 17, 2024; 3:15:21 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-10101 - A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored i...
    Published: October 17, 2024; 3:15:21 PM -0400

  • CVE-2024-10109 - A vulnerability in the mintplex-labs/anything-llm repository, as of commit 5c40419, allows low privilege users to access the sensitive API endpoint "/api/system/custom-models". This access enables them to modify the model's API key and base path, ...
    Published: March 20, 2025; 6:15:14 AM -0400

Created September 20, 2022, Updated August 27, 2024