NVD - Home

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2024-10965 - A vulnerability classified as problematic was found in emqx neuron up to 2.10.0. Affected by this vulnerability is an unknown functionality of the file /api/v2/schema of the component JSON File Handler. The manipulation leads to information disclo...
    Published: November 07, 2024; 12:15:06 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2024-11026 - A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler...
    Published: November 08, 2024; 5:15:14 PM -0500

    V3.1: 7.4 HIGH

  • CVE-2024-11049 - A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to la...
    Published: November 10, 2024; 1:15:03 AM -0500

    V3.1: 3.7 LOW

  • CVE-2024-11050 - A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName l...
    Published: November 10, 2024; 2:15:03 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-11070 - A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument...
    Published: November 11, 2024; 10:15:04 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-11078 - A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e leads to cross site scripti...
    Published: November 11, 2024; 3:15:17 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-11096 - A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName leads to sql injection. It is possible to initia...
    Published: November 11, 2024; 8:15:03 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2024-11485 - A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue is some unknown functionality of the file /decoration/admin/userregister.php of the component User Handler. Th...
    Published: November 20, 2024; 11:15:19 AM -0500

    V3.1: 8.1 HIGH

  • CVE-2024-11484 - A vulnerability classified as critical was found in Code4Berry Decoration Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /decoration/admin/update_image.php of the component User Image Handler. The man...
    Published: November 20, 2024; 11:15:19 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-51208 - File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter.
    Published: November 20, 2024; 10:15:08 AM -0500

    V3.1: 7.2 HIGH

  • CVE-2024-10872 - The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. Thi...
    Published: November 20, 2024; 6:15:04 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2018-9412 - In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
    Published: November 19, 2024; 5:15:18 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-6687 - The CTT Expresso para WooCommerce plugin for WordPress is vulnerable to sensitive information exposure in all versions up to and including 3.2.12 via the /wp-content/uploads/cepw directory. The generated .pdf and log files are publicly accessible ...
    Published: July 31, 2024; 10:15:02 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-6698 - The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.0. This is due to the plugin not properly verifying user meta updated through the update_user_meta function. This makes it possible...
    Published: August 01, 2024; 12:15:04 AM -0400

  • CVE-2024-5924 - Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploi...
    Published: June 13, 2024; 4:15:16 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2018-9411 - In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.
    Published: November 19, 2024; 5:15:18 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2018-9410 - In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
    Published: November 19, 2024; 4:15:05 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-53069 - In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: fix a NULL-pointer dereference Some SCM calls can be invoked with __scm being NULL (the driver may not have been and will not be probed as there's no SCM en...
    Published: November 19, 2024; 1:15:26 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-53076 - In the Linux kernel, the following vulnerability has been resolved: iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() If per_time_scales[i] or per_time_gains[i] kcalloc fails in the for loop of iio_gts_bui...
    Published: November 19, 2024; 1:15:27 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-53043 - In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet should be dropped. saddr will usually be set by ...
    Published: November 19, 2024; 1:15:24 PM -0500

    V3.1: 5.5 MEDIUM

Created September 20, 2022, Updated August 27, 2024