U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2024-57598 - A floating point exception (divide-by-zero) vulnerability was discovered in Bento4 1.6.0-641 in function AP4_TfraAtom() of Ap4TfraAtom.cpp which allows a remote attacker to cause a denial of service vulnerability.
    Published: February 05, 2025; 5:15:33 PM -0500

  • CVE-2024-25839 - An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information.
    Published: March 03, 2024; 4:15:06 AM -0500

  • CVE-2024-24302 - An issue was discovered in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess(... read CVE-2024-24302
    Published: March 03, 2024; 4:15:06 AM -0500

  • CVE-2024-24307 - Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.
    Published: March 03, 2024; 3:15:08 AM -0500

  • CVE-2024-25438 - A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.
    Published: March 01, 2024; 6:15:08 PM -0500

  • CVE-2024-27734 - A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component.
    Published: March 01, 2024; 12:15:07 PM -0500

  • CVE-2024-25843 - In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.
    Published: February 27, 2024; 12:15:12 PM -0500

  • CVE-2024-13896 - The WP-GeSHi-Highlight — rock-solid syntax highlighting for 259 languages WordPress plugin through 1.4.3 processes user-supplied input as a regular expression via the wp_geshi_filter_replace_code() function, which could lead to Regular Expression ... read CVE-2024-13896
    Published: April 10, 2025; 3:15:41 AM -0400

  • CVE-2024-13628 - The WP Pricing Table WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    Published: February 26, 2025; 8:15:37 AM -0500

  • CVE-2024-13624 - The WPMovieLibrary WordPress plugin through 2.1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    Published: February 26, 2025; 8:15:37 AM -0500

  • CVE-2024-13571 - The Post Timeline WordPress plugin before 2.3.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    Published: February 26, 2025; 8:15:36 AM -0500

  • CVE-2024-13113 - The Countdown Timer for Elementor WordPress plugin before 1.3.7 does not sanitise and escape some parameters when outputting them on the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
    Published: February 26, 2025; 8:15:36 AM -0500

  • CVE-2024-12878 - The Custom Block Builder WordPress plugin before 3.8.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    Published: February 26, 2025; 8:15:36 AM -0500

  • CVE-2024-10483 - The Simple:Press Forum WordPress plugin before 6.10.11 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
    Published: February 26, 2025; 8:15:35 AM -0500

  • CVE-2024-10152 - The Simple Certain Time to Show Content WordPress plugin before 1.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such... read CVE-2024-10152
    Published: February 26, 2025; 8:15:34 AM -0500

  • CVE-2024-10545 - The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.9 does not sanitise and escape some of its Image settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the un... read CVE-2024-10545
    Published: February 25, 2025; 1:15:23 AM -0500

  • CVE-2024-12173 - The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capab... read CVE-2024-12173
    Published: February 19, 2025; 1:15:21 AM -0500

  • CVE-2025-4059 - A vulnerability classified as critical was found in code-projects Prison Management System 1.0. This vulnerability affects the function addrecord of the component Prison_Mgmt_Sys. The manipulation of the argument filename leads to stack-based buff... read CVE-2025-4059
    Published: April 29, 2025; 8:15:32 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-4058 - A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection. It is ... read CVE-2025-4058
    Published: April 29, 2025; 8:15:32 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-3250 - A vulnerability, which was classified as problematic, has been found in elunez eladmin 2.7. Affected by this issue is some unknown functionality of the file /api/database/testConnect of the component Maintenance Management Module. The manipulation... read CVE-2025-3250
    Published: April 04, 2025; 11:15:51 AM -0400

    V3.1: 6.5 MEDIUM

Created September 20, 2022 , Updated August 27, 2024