
NOTICE UPDATED - May 29th, 2024

The NVD has a new announcement page with status updates, news, and how to stay connected!


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2024-35655 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brave Brave Popup Builder allows Stored XSS. This issue affects Brave Popup Builder: from n/a through 0.6.8.
    Published: June 04, 2024; 10:15:13 AM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2024-35664 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPvivid Team WPvivid Backup for MainWP allows Reflected XSS. This issue affects WPvivid Backup for MainWP: from n/a through 0.9.32.
    Published: June 04, 2024; 10:15:13 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-35666 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows Stored XSS. This issue affects Themesflat Addons For Elementor: from n/a through 2.1.2.
    Published: June 04, 2024; 10:15:13 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-35668 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS. This issue affects Newsletter, SMTP, Email ...
    Published: June 04, 2024; 10:15:13 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-35700 - Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation. This issue affects Userpro: from n/a through 5.1.8.
    Published: June 04, 2024; 10:15:14 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-35782 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS. This issue affects Cowidgets – Elementor Addons: from n/a through 1.1.1.
    Published: June 04, 2024; 10:15:14 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-0756 - The Insert or Embed Articulate Content into WordPress plugin through 4.3000000023 lacks validation of URLs when adding iframes, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page.
    Published: June 04, 2024; 11:15:44 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-34905 - FlyFish v3.0.0 was discovered to contain a buffer overflow via the password parameter on the login page. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
    Published: May 16, 2024; 11:15:47 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-34913 - An arbitrary file upload vulnerability in r-pan-scaffolding v5.0 and below allows attackers to execute arbitrary code via uploading a crafted PDF file.
    Published: May 15, 2024; 4:15:13 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-34906 - An arbitrary file upload vulnerability in dootask v0.30.13 allows attackers to execute arbitrary code via uploading a crafted PDF file.
    Published: May 15, 2024; 4:15:13 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2023-42097 - Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulner...
    Published: May 02, 2024; 11:15:46 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-42096 - Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this ...
    Published: May 02, 2024; 11:15:46 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-42095 - Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit ...
    Published: May 02, 2024; 11:15:46 PM -0400

    V3.1: 3.3 LOW

  • CVE-2023-42094 - Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulner...
    Published: May 02, 2024; 11:15:46 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-42093 - Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit th...
    Published: May 02, 2024; 11:15:46 PM -0400

    V3.1: 3.3 LOW

  • CVE-2023-42092 - Foxit PDF Reader Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulner...
    Published: May 02, 2024; 11:15:46 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-42091 - Foxit PDF Reader XFA Doc Object Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vu...
    Published: May 02, 2024; 11:15:45 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-42090 - Foxit PDF Reader XFA Doc Object Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to ex...
    Published: May 02, 2024; 11:15:45 PM -0400

    V3.1: 7.1 HIGH

  • CVE-2023-42089 - Foxit PDF Reader templates Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit thi...
    Published: May 02, 2024; 11:15:45 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-26933 - In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port "disable" sysfs attribute. The show and store callback routines for the "disable" sysfs attribute file in port.c acquire the device lock for the p...
    Published: May 01, 2024; 2:15:07 AM -0400

    V3.1: 7.8 HIGH

Created September 20, 2022, Updated May 29, 2024