NVD Dashboard

CVEs Received and Processed

[Table: Time Period (Today, This Week, This Month, Last Month, This Year) by New CVEs Received by NVD, New CVEs Analyzed by NVD, Modified CVEs Received by NVD, Modified CVEs Re-analyzed by NVD]

CVE Status Count


CVSS Score Spread

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2025-2704 - OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase
    Published: April 02, 2025; 5:15:32 PM -0400

  • CVE-2024-13591 - The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'team-builder-vc' shortcode in all versions up to, and including, 1.0 due to insufficient input...
    Published: February 19, 2025; 3:15:16 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-13592 - The Team Builder For WPBakery Page Builder(Formerly Visual Composer) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'team-builder-vc' shortcode. This makes it possible for authenticated...
    Published: February 19, 2025; 3:15:17 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-13402 - The Buddyboss Platform plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link_title’ parameter in all versions up to, and including, 2.7.70 due to insufficient input sanitization and output escaping. This makes it possible...
    Published: February 27, 2025; 8:15:09 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-12723 - The Infility Global WordPress plugin through 2.9.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    Published: January 28, 2025; 1:15:31 AM -0500

  • CVE-2024-57587 - Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to /api/auth/login.
    Published: January 31, 2025; 5:15:13 PM -0500

  • CVE-2024-55062 - Code Injection vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/.
    Published: January 31, 2025; 5:15:10 PM -0500

  • CVE-2024-53357 - Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote authenticated attackers, with low privileges, to (1) add an admin user via the /api/user/addalias route; (2) modify a user via the /api/user/u...
    Published: January 31, 2025; 5:15:09 PM -0500

  • CVE-2024-54852 - When LDAP connection is activated in Teedy versions between 1.9 to 1.12, the username field of the login form is vulnerable to LDAP injection. Due to improper sanitization of user input, an unauthenticated attacker is then able to perform various ...
    Published: January 29, 2025; 5:15:29 PM -0500

  • CVE-2025-4810 - A vulnerability was found in Tenda AC7 15.03.06.44. It has been declared as critical. Affected by this vulnerability is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument reboot_time leads to stack...
    Published: May 16, 2025; 5:15:35 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-4809 - A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function fromSafeSetMacFilter of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer over...
    Published: May 16, 2025; 4:15:22 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-4851 - A vulnerability classified as critical was found in TOTOLINK N300RH 6.1c.1390_B20191101. This vulnerability affects the function setUploadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injecti...
    Published: May 18, 2025; 12:15:23 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-4850 - A vulnerability classified as critical has been found in TOTOLINK N300RH 6.1c.1390_B20191101. This affects the function setUnloadUserData of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument plugin_name leads to command injection. It...
    Published: May 17, 2025; 11:15:23 PM -0400

    V3.1: 6.3 MEDIUM

  • CVE-2025-4849 - A vulnerability was found in TOTOLINK N300RH 6.1c.1390_B20191101. It has been rated as critical. Affected by this issue is the function CloudACMunualUpdateUserdata of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument url leads to com...
    Published: May 17, 2025; 11:15:23 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-45862 - TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow via the interfacenameds parameter in the formDhcpv6s interface.
    Published: May 20, 2025; 10:15:49 AM -0400

  • CVE-2025-45513 - Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function.P2pListFilter.
    Published: May 09, 2025; 12:15:24 PM -0400

  • CVE-2024-26952 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix potencial out-of-bounds when buffer offset is invalid I found potencial out-of-bounds when buffer offset fields of a few requests is invalid. This patch set the minim...
    Published: May 01, 2024; 2:15:11 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2023-44466 - An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrus...
    Published: September 29, 2023; 2:15:11 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-27018 - In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: skip conntrack input hook for promisc packets For historical reasons, when bridge device is in promisc mode, packets that are directed to the taps follo...
    Published: May 01, 2024; 2:15:20 AM -0400

    V3.1: 7.8 HIGH

  • CVE-2022-48735 - In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix UAF of leds class devs at unbinding The LED class devices that are created by HD-audio codec drivers are registered via devm_led_classdev_register() and associate...
    Published: June 20, 2024; 8:15:11 AM -0400

    V3.1: 7.8 HIGH