The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-8473 - Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through user_email parameter...
    Published: September 05, 2024; 9:15:15 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-8472 - Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters ...
    Published: September 05, 2024; 9:15:15 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-8471 - Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME p...
    Published: September 05, 2024; 9:15:14 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-8470 - SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it.
    Published: September 05, 2024; 9:15:14 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-8469 - SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it.
    Published: September 05, 2024; 9:15:14 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-8468 - SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it.
    Published: September 05, 2024; 9:15:13 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-8467 - SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it.
    Published: September 05, 2024; 9:15:13 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-8466 - SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it.
    Published: September 05, 2024; 9:15:13 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-8465 - SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it.
    Published: September 05, 2024; 9:15:13 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-8464 - SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it.
    Published: September 05, 2024; 9:15:12 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-7381 - The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible ...
    Published: September 05, 2024; 7:15:13 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2024-7380 - The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9. This m...
    Published: September 05, 2024; 7:15:12 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2024-38176 - An improper restriction of excessive authentication attempts in GroupMe allows an unauthenticated attacker to elevate privileges over a network.
    Published: July 23, 2024; 6:15:08 PM -0400

    V3.1: 8.1 HIGH

  • CVE-2024-38164 - An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.
    Published: July 23, 2024; 6:15:08 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2023-7279 - A vulnerability has been found in Secure Systems Engineering Connaisseur up to 3.3.0 and classified as problematic. This vulnerability affects unknown code of the file connaisseur/res/targets_schema.json of the component Delegation Name Handler. T...
    Published: September 02, 2024; 2:15:21 PM -0400

    V3.1: 5.9 MEDIUM

  • CVE-2020-36830 - A vulnerability was found in nescalante urlregex up to 0.5.0 and classified as problematic. This issue affects some unknown processing of the file index.js of the component Backtracking. The manipulation leads to inefficient regular expression com...
    Published: September 02, 2024; 2:15:20 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-38402 - Memory corruption while processing IOCTL call for getting group info.
    Published: September 02, 2024; 8:15:19 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-7012 - An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's mod_proxy not properly unsetting headers because of restrict...
    Published: September 04, 2024; 10:15:14 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-45692 - Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
    Published: September 04, 2024; 7:15:12 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-32668 - An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code executi...
    Published: September 05, 2024; 1:15:13 AM -0400

    V3.1: 8.2 HIGH

Created September 20, 2022, Updated August 27, 2024