NVD Dashboard
CVEs Received and Processed
Time Period | New CVEs Received by NVD | New CVEs Analyzed by NVD | Modified CVEs Received by NVD | Modified CVEs Re-analyzed by NVD |
---|---|---|---|---|
Today | {{data.count}} | |||
This Week | {{data.count}} | |||
This Month | {{data.count}} | |||
Last Month | {{data.count}} | |||
This Year | {{data.count}} |
CVE Status Count
{{data.name}} | {{data.count}} |
NVD Contains
CVE Vulnerabilities | 263482 |
Checklists | 797 |
US-CERT Alerts | 249 |
US-CERT Vuln Notes | 4486 |
OVAL Queries | 10286 |
CPE Names | 1303415 |
CVSS V3 Score Distribution
Severity | Number of Vulns |
---|---|
{{data.name}} | {{data.count}} |
CVSS V2 Score Distribution
Severity | Number of Vulns |
---|---|
{{data.name}} | {{data.count}} |
For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2024-46049 - Tenda O6 V3.0 firmware V1.0.0.7(2054) contains a stack overflow vulnerability in the formexeCommand function.
Published: September 13, 2024; 10:15:14 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-46048 - Tenda FH451 v1.0.0.9 has a command injection vulnerability in the formexeCommand function i
Published: September 13, 2024; 10:15:14 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-46047 - Tenda FH451 v1.0.0.9 has a stack overflow vulnerability in the fromDhcpListClient function.
Published: September 13, 2024; 10:15:14 AM -0400V3.1: 7.5 HIGH
-
CVE-2024-46046 - Tenda FH451 v1.0.0.9 has a stack overflow vulnerability located in the RouteStatic function.
Published: September 13, 2024; 10:15:14 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-46045 - Tenda CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the frmL7PlotForm function.
Published: September 13, 2024; 10:15:14 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-46044 - CH22 V1.0.0.6(468) has a stack overflow vulnerability located in the fromqossetting function.
Published: September 13, 2024; 10:15:13 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-6080 - A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach... read CVE-2024-6080
Published: June 17, 2024; 7:15:51 PM -0400V3.1: 7.8 HIGH
-
CVE-2024-4551 - The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the display function. This makes it possible for authenticated attackers, w... read CVE-2024-4551
Published: June 15, 2024; 5:15:12 AM -0400V3.1: 8.8 HIGH
-
CVE-2024-4450 - The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the ImportAjaxController.php file in all versions up to, and including, 3.3.5. This m... read CVE-2024-4450
Published: June 19, 2024; 12:15:11 AM -0400V3.1: 6.3 MEDIUM
-
CVE-2024-4258 - The Video Gallery – YouTube Playlist, Channel Gallery by YotuWP plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.13 via the settings parameter. This makes it possible for unauthenticated attacker... read CVE-2024-4258
Published: June 15, 2024; 5:15:12 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-2381 - The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_save_image function in all versions up to, and including, 3.3.5. This makes it possible for ... read CVE-2024-2381
Published: June 19, 2024; 12:15:10 AM -0400V3.1: 8.8 HIGH
-
CVE-2024-45040 - gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs ... read CVE-2024-45040
Published: September 06, 2024; 9:15:04 AM -0400V3.1: 5.9 MEDIUM
-
CVE-2024-45039 - gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. A... read CVE-2024-45039
Published: September 06, 2024; 9:15:04 AM -0400V3.1: 6.2 MEDIUM
-
CVE-2024-7717 - The WP Events Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘order’ parameter in all versions up to, and including, 2.1.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparat... read CVE-2024-7717
Published: August 31, 2024; 5:15:07 AM -0400V3.1: 8.8 HIGH
-
CVE-2022-4100 - The WP Cerber Security plugin for WordPress is vulnerable to IP Protection bypass in versions up to, and including 9.4 due to the plugin improperly checking for a visitor's IP address. This makes it possible for an attacker whose IP address has be... read CVE-2022-4100
Published: August 31, 2024; 5:15:03 AM -0400V3.1: 5.3 MEDIUM
-
CVE-2022-4536 - The IP Vault – WP Firewall plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and log... read CVE-2022-4536
Published: August 31, 2024; 5:15:04 AM -0400V3.1: 5.3 MEDIUM
-
CVE-2024-7895 - The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 2.8.3.5 due to insufficient input sanitization and output escaping. This m... read CVE-2024-7895
Published: August 29, 2024; 7:15:29 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2024-1384 - The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'aux_recent_portfolios_grid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitiza... read CVE-2024-1384
Published: August 29, 2024; 9:15:05 AM -0400V3.1: 5.4 MEDIUM
-
CVE-2024-3679 - The Premium SEO Pack – WP SEO Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.001. This makes it possible for unauthenticated attackers to view limited information from password... read CVE-2024-3679
Published: August 29, 2024; 9:15:06 AM -0400V3.1: 7.5 HIGH
-
CVE-2024-1056 - The FunnelKit Funnel Builder Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'allow_iframe_tag_in_post' function which uses the 'wp_kses_allowed_html' filter to globally allow script and iframe tags in posts in all ve... read CVE-2024-1056
Published: August 29, 2024; 10:15:08 AM -0400V3.1: 5.4 MEDIUM