NVD

Icon for New NVD Communications and Status Updates Page

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Legal Disclaimer:

Here is where you can read the NVD legal disclaimer.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2024-11703 - On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133.
Published: November 26, 2024; 9:15:19 AM -0500
CVE-2024-11702 - Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Published: November 26, 2024; 9:15:19 AM -0500
CVE-2024-11701 - The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133.
Published: November 26, 2024; 9:15:19 AM -0500
CVE-2024-11088 - The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive... read CVE-2024-11088
Published: November 21, 2024; 9:15:08 AM -0500

V3.1: 7.5 HIGH
CVE-2024-43328 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPDeveloper EmbedPress allows PHP Local File Inclusion.This issue affects EmbedPress: from n/a through 4.0.9.
Published: August 19, 2024; 4:15:07 PM -0400

V3.1: 9.8 CRITICAL
CVE-2024-6497 - The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 12.3.19 due to insufficient input sanitization and output escaping. This makes it possib... read CVE-2024-6497
Published: July 20, 2024; 5:15:10 AM -0400

V3.1: 6.1 MEDIUM
CVE-2024-39090 - The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScri... read CVE-2024-39090
Published: July 18, 2024; 4:15:04 PM -0400
CVE-2024-6470 - A vulnerability was found in playSMS 1.4.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php?app=main&inc=feature_inboxgroup&op=list of the component Template Handler. The manipulation o... read CVE-2024-6470
Published: July 03, 2024; 9:15:03 AM -0400

V3.1: 2.7 LOW
CVE-2024-6416 - A vulnerability was found in SeaCMS 12.9. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /js/player/dmplayer/dmku/?ac=edit. The manipulation of the argument cid with the input (select(0)fro... read CVE-2024-6416
Published: June 30, 2024; 6:15:02 PM -0400

V3.1: 9.8 CRITICAL
CVE-2024-5276 - A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltrati... read CVE-2024-5276
Published: June 25, 2024; 4:15:14 PM -0400

V3.1: 9.1 CRITICAL
CVE-2024-4455 - The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible ... read CVE-2024-4455
Published: May 24, 2024; 7:15:09 AM -0400

V3.1: 6.1 MEDIUM
CVE-2024-5688 - If a garbage collection was triggered at the right time, a use-after-free could have occurred during object transplant. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12.
Published: June 11, 2024; 9:15:50 AM -0400
CVE-2014-4077 - Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via... read CVE-2014-4077
Published: November 11, 2014; 5:55:04 PM -0500

V3.1: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2014-4148 - win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote at... read CVE-2014-4148
Published: October 15, 2014; 6:55:08 AM -0400

V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2015-0016 - Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows re... read CVE-2015-0016
Published: January 13, 2015; 5:59:07 PM -0500

V3.1: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2009-3129 - Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, an... read CVE-2009-3129
Published: November 11, 2009; 2:30:00 PM -0500

V3.1: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-0167 - The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafte... read CVE-2016-0167
Published: April 12, 2016; 7:59:30 PM -0400

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-7255 - The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to ... read CVE-2016-7255
Published: November 10, 2016; 2:00:09 AM -0500

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2019-0808 - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0797.
Published: April 08, 2019; 11:29:00 PM -0400

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-1464 - A spoofing vulnerability exists when Windows incorrectly validates file signatures. An attacker who successfully exploited this vulnerability could bypass security features and load improperly signed files. In an attack scenario, an attacker could... read CVE-2020-1464
Published: August 17, 2020; 3:15:14 PM -0400

V2.0: 2.1 LOW

Created September 20, 2022 , Updated August 27, 2024

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Legal Disclaimer: