NOTICE UPDATED - May 29th, 2024

The NVD has a new announcement page with status updates, news, and how to stay connected!


The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2024-0865 - CWE-798: Use of hard-coded credentials vulnerability exists that could cause local privilege escalation when logged in as a non-administrative user.
    Published: June 12, 2024; 2:15:10 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2024-6338 - The FV Flowplayer Video Player plugin for WordPress is vulnerable to time-based SQL Injection via the ‘exclude’ parameter in all versions up to, and including, 7.5.46.7212 due to insufficient escaping on the user supplied parameter and lack of suf...
    Published: July 19, 2024; 4:15:02 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-6205 - The PayPlus Payment Gateway WordPress plugin before 6.6.9 does not properly sanitise and escape a parameter before using it in a SQL statement via a WooCommerce API route available to unauthenticated users, leading to an SQL injection vulnerability.
    Published: July 19, 2024; 2:15:03 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-32007 - An improper input validation of the p2c parameter in the Apache CXF JOSE code before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform a denial of service attack by specifying a large value for this parameter in a token.
    Published: July 19, 2024; 5:15:04 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-6901 - A vulnerability classified as critical has been found in SourceCodester Record Management System 1.0. Affected is an unknown function of the file entry.php. The manipulation of the argument school leads to sql injection. It is possible to launch t...
    Published: July 19, 2024; 3:15:02 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-6900 - A vulnerability was found in SourceCodester Record Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file edit_emp.php. The manipulation of the argument id leads to sql injection. The attack ma...
    Published: July 19, 2024; 3:15:02 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-6903 - A vulnerability, which was classified as critical, has been found in SourceCodester Record Management System 1.0. Affected by this issue is some unknown functionality of the file sort1_user.php. The manipulation of the argument position leads to s...
    Published: July 19, 2024; 4:15:04 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-6902 - A vulnerability classified as critical was found in SourceCodester Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file sort_user.php. The manipulation of the argument sort leads to sql injection. Th...
    Published: July 19, 2024; 4:15:03 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-4146 - In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located ...
    Published: June 08, 2024; 4:15:52 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-35264 - .NET and Visual Studio Remote Code Execution Vulnerability
    Published: July 09, 2024; 1:15:18 PM -0400

    V3.1: 8.1 HIGH

  • CVE-2024-30105 - .NET Core and Visual Studio Denial of Service Vulnerability
    Published: July 09, 2024; 1:15:17 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2024-35338 - Tenda i29V1.0 V1.0.0.5 was discovered to contain a hardcoded password for root.
    Published: July 16, 2024; 12:15:04 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-33182 - Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/addWifiMacFilter.
    Published: July 16, 2024; 12:15:04 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-33180 - Tenda AC18 V15.03.3.10_EN was discovered to contain a stack-based buffer overflow vulnerability via the deviceId parameter at ip/goform/saveParentControlInfo.
    Published: July 16, 2024; 12:15:04 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-26279 - The wrapper extensions do not correctly validate inputs, leading to XSS vectors.
    Published: July 09, 2024; 1:15:15 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-26278 - The Custom Fields component does not correctly filter inputs, leading to an XSS vector.
    Published: July 09, 2024; 1:15:14 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-4680 - A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to ma...
    Published: June 08, 2024; 4:15:52 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-35756 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CeiKay Tooltip CK tooltip-ck allows Stored XSS. This issue affects Tooltip CK: from n/a through 2.2.15.
    Published: June 08, 2024; 7:15:50 AM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2024-5759 - An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges.
    Published: June 12, 2024; 12:15:12 PM -0400

    V3.1: 6.3 MEDIUM

  • CVE-2024-37843 - Craft CMS up to v3.7.31 was discovered to contain a SQL injection vulnerability via the GraphQL API endpoint.
    Published: June 25, 2024; 5:15:59 PM -0400

    V3.1: 9.8 CRITICAL

Created September 20, 2022, Updated June 27, 2024