U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2025-31027 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jocoxdesign Tiger tiger allows Reflected XSS.This issue affects Tiger: from n/a through 2.0.
    Published: May 19, 2025; 4:15:21 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-48146 - Cross-Site Request Forgery (CSRF) vulnerability in Michael Lups SEO Flow by LupsOnline allows Stored XSS. This issue affects SEO Flow by LupsOnline: from n/a through 2.2.0.
    Published: May 16, 2025; 12:15:46 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-39509 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode TNC FlipBook allows Stored XSS. This issue affects TNC FlipBook: from n/a through 12.1.0.
    Published: May 16, 2025; 12:15:41 PM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-39507 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NasaTheme Nasa Core allows PHP Local File Inclusion. This issue affects Nasa Core: from n/a through 6.3.2.
    Published: May 16, 2025; 12:15:40 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-39493 - Missing Authorization vulnerability in ValvePress Rankie allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Rankie: from n/a through 1.8.0.
    Published: May 16, 2025; 12:15:40 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-39482 - Missing Authorization vulnerability in imithemes Eventer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventer: from n/a through 3.9.6.
    Published: May 16, 2025; 12:15:40 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-47544 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in acowebs Dynamic Pricing With Discount Rules for WooCommerce allows Blind SQL Injection. This issue affects Dynamic Pricing With Discount Rules fo... read CVE-2025-47544
    Published: May 07, 2025; 11:16:11 AM -0400

    V3.1: 7.2 HIGH

  • CVE-2024-37826 - A NULL pointer dereference in vercot Serva v4.6.0 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
    Published: August 12, 2024; 9:38:23 AM -0400

  • CVE-2024-39702 - In lj_str_hash.c in OpenResty 1.19.3.1 through 1.25.3.1, the string hashing function (used during string interning) allows HashDoS (Hash Denial of Service) attacks. An attacker could cause excessive resource usage during proxy operations via craft... read CVE-2024-39702
    Published: July 23, 2024; 12:15:05 PM -0400

  • CVE-2025-25522 - Buffer overflow vulnerability in Linksys WAP610N v1.0.05.002 due to the lack of length verification, which is related to the time setting operation. The attacker can directly control the remote target device by successfully exploiting this vulnera... read CVE-2025-25522
    Published: February 11, 2025; 2:15:18 PM -0500

  • CVE-2025-5668 - A vulnerability classified as critical has been found in PHPGurukul Medical Card Generation System 1.0. This affects an unknown part of the file /admin/readenq.php. The manipulation of the argument ID leads to sql injection. It is possible to init... read CVE-2025-5668
    Published: June 05, 2025; 1:15:29 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-5639 - A vulnerability was found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The a... read CVE-2025-5639
    Published: June 05, 2025; 2:15:27 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-5638 - A vulnerability has been found in PHPGurukul Notice Board System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin-profile.php. The manipulation of the argument mobilenumber leads to sql ... read CVE-2025-5638
    Published: June 05, 2025; 1:15:24 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-5619 - A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflo... read CVE-2025-5619
    Published: June 04, 2025; 7:15:22 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-5618 - A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack c... read CVE-2025-5618
    Published: June 04, 2025; 7:15:22 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-5617 - A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible ... read CVE-2025-5617
    Published: June 04, 2025; 7:15:21 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-5616 - A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sq... read CVE-2025-5616
    Published: June 04, 2025; 7:15:21 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-5613 - A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This issue affects some unknown processing of the file /request-details.php. The manipulation of the argument requestid leads to sql injection. Th... read CVE-2025-5613
    Published: June 04, 2025; 6:15:25 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-5612 - A vulnerability has been found in PHPGurukul Online Fire Reporting System 1.2 and classified as critical. This vulnerability affects unknown code of the file /reporting.php. The manipulation of the argument fullname leads to sql injection. The att... read CVE-2025-5612
    Published: June 04, 2025; 5:15:41 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-5670 - A vulnerability, which was classified as critical, has been found in PHPGurukul Medical Card Generation System 1.0. This issue affects some unknown processing of the file /admin/manage-card.php. The manipulation of the argument ID leads to sql inj... read CVE-2025-5670
    Published: June 05, 2025; 1:15:30 PM -0400

    V3.1: 8.8 HIGH

Created September 20, 2022 , Updated August 27, 2024