NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 17, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
319351	6.1	MEDIUM Network	moc	review_ratings	The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Store…	CWE-352 Origin Validation Error	CVE-2024-8052	2024-09-28 01:55	2024-09-17	Show	GitHub Exploit DB Packet Storm

319352	5.5	MEDIUM Local	ibm	cognos_analytics cognos_analytics_reports	IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and IBM Cognos Analytics Reports for iOS 11.0.0.7 could allow a local attacker to obtain sensitive informa…	CWE-522 Insufficiently Protected Credentials	CVE-2024-40703	2024-09-28 01:49	2024-09-22	Show	GitHub Exploit DB Packet Storm

319353	5.4	MEDIUM Network	artembovkun	slider_comparison_image_before_and_after	The Slider comparison image before and after plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [sciba] shortcode in all versions up to, and including, 0.8.3 due to in…	CWE-79 Cross-site Scripting	CVE-2024-8543	2024-09-28 01:46	2024-09-10	Show	GitHub Exploit DB Packet Storm

319354	5.3	MEDIUM Network	lilmonkee	woocommerce_multiple_free_gift	The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. This is due to plugin not enforcing server-side checks on the p…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2022-3459	2024-09-28 01:43	2024-09-14	Show	GitHub Exploit DB Packet Storm

319355	6.1	MEDIUM Network	iredmail	iredadmin	iRedAdmin before 2.6 allows XSS, e.g., via order_name.	CWE-79 Cross-site Scripting	CVE-2024-47227	2024-09-28 01:37	2024-09-23	Show	GitHub Exploit DB Packet Storm

319356	-	-	-	-	An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords	-	CVE-2024-46609	2024-09-28 01:35	2024-09-25	Show	GitHub Exploit DB Packet Storm

319357	7.5	HIGH Network	dataease	dataease	DataEase is an open source data visualization analysis tool. Prior to version 2.10.1, there is an XML external entity injection vulnerability in the static resource upload interface of DataEase. An a…	CWE-611 XXE	CVE-2024-46985	2024-09-28 01:35	2024-09-24	Show	GitHub Exploit DB Packet Storm

319358	6.1	MEDIUM Network	wpsimplebookingcalendar	wp_simple_booking_calendar	The WP Simple Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all v…	CWE-79 Cross-site Scripting	CVE-2024-8663	2024-09-28 01:35	2024-09-13	Show	GitHub Exploit DB Packet Storm

319359	5.4	MEDIUM Network	gitapp	dingfanzu	A vulnerability classified as problematic has been found in dingfangzu up to 29d67d9044f6f93378e6eb6ff92272217ff7225c. Affected is an unknown function of the file scripts/order.js of the component Or…	CWE-79 Cross-site Scripting	CVE-2024-9077	2024-09-28 01:31	2024-09-22	Show	GitHub Exploit DB Packet Storm

319360	5.4	MEDIUM Network	wpdeveloper	essential_addons_for_elementor	The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterabl…	CWE-79 Cross-site Scripting	CVE-2024-8742	2024-09-28 01:28	2024-09-13	Show	GitHub Exploit DB Packet Storm

319361	7.2	HIGH Network	rems	profile_registration_without_reload\/refresh	A vulnerability classified as critical has been found in SourceCodester Profile Registration without Reload Refresh 1.0. This affects an unknown part of the file del.php of the component GET Paramete…	CWE-89 SQL Injection	CVE-2024-9093	2024-09-28 01:26	2024-09-23	Show	GitHub Exploit DB Packet Storm

319362	6.1	MEDIUM Network	rems	profile_registration_without_reload\/refresh	A vulnerability was found in SourceCodester Profile Registration without Reload Refresh 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add.php…	CWE-79 Cross-site Scripting	CVE-2024-9092	2024-09-28 01:23	2024-09-23	Show	GitHub Exploit DB Packet Storm

319363	9.8	CRITICAL Network	code-projects	student_record_system	A vulnerability was found in code-projects Student Record System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipula…	CWE-89 SQL Injection	CVE-2024-9091	2024-09-28 01:22	2024-09-23	Show	GitHub Exploit DB Packet Storm

319364	9.8	CRITICAL Network	mayurik	modern_loan_management_system	A vulnerability was found in SourceCodester Modern Loan Management System 1.0. It has been classified as critical. Affected is an unknown function of the file search_member.php. The manipulation of t…	CWE-89 SQL Injection	CVE-2024-9090	2024-09-28 01:22	2024-09-23	Show	GitHub Exploit DB Packet Storm

319365	5.4	MEDIUM Network	mayurik	modern_loan_management_system	A vulnerability was found in SourceCodester Modern Loan Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file update_loan_record.php. The manipul…	CWE-79 Cross-site Scripting	CVE-2024-9089	2024-09-28 01:21	2024-09-23	Show	GitHub Exploit DB Packet Storm

319366	7.3	HIGH Network	pluginus	fox_-_currency_switcher_professional_for_woocommerce	The The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.1. This is due to the soft…	CWE-94 Code Injection	CVE-2024-8271	2024-09-28 01:21	2024-09-14	Show	GitHub Exploit DB Packet Storm

319367	4.8	MEDIUM Network	razormist	employee_management_system	A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file /Admin/add-admin.php. The manipulation of the argum…	CWE-79 Cross-site Scripting	CVE-2024-9083	2024-09-28 01:20	2024-09-22	Show	GitHub Exploit DB Packet Storm

319368	9.8	CRITICAL Network	code-projects	restaurant_reservation_system	A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the …	CWE-89 SQL Injection	CVE-2024-9085	2024-09-28 01:19	2024-09-22	Show	GitHub Exploit DB Packet Storm

319369	9.8	CRITICAL Network	oretnom23	online_eyewear_shop	A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Users.phpf=save of the component …	CWE-863 Incorrect Authorization	CVE-2024-9082	2024-09-28 01:18	2024-09-22	Show	GitHub Exploit DB Packet Storm

319370	7.5	HIGH Network	oretnom23	online_eyewear_shop	A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_category.php. The ma…	CWE-89 SQL Injection	CVE-2024-9081	2024-09-28 01:17	2024-09-22	Show	GitHub Exploit DB Packet Storm

319371	8.8	HIGH Network	dedecms	dedecms	A vulnerability was found in DedeCMS up to 5.7.115. It has been rated as critical. This issue affects some unknown processing of the file article_string_mix.php. The manipulation leads to os command …	CWE-78 OS Command	CVE-2024-9076	2024-09-28 01:14	2024-09-22	Show	GitHub Exploit DB Packet Storm

319372	7.3	HIGH Network	webliberty	simple_spoiler	The The Simple Spoiler plugin for WordPress is vulnerable to arbitrary shortcode execution in versions 1.2 to 1.3. This is due to the plugin adding the filter add_filter('comment_text', 'do_shortcode…	CWE-94 Code Injection	CVE-2024-8479	2024-09-28 01:12	2024-09-14	Show	GitHub Exploit DB Packet Storm

319373	9.8	CRITICAL Network	codezips	online_shopping_portal	A vulnerability classified as problematic was found in Codezips Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file insert-product.php. The manipulation…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-9038	2024-09-28 01:11	2024-09-21	Show	GitHub Exploit DB Packet Storm

319374	7.2	HIGH Network	softaculous	backuply	The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter passed to the backuply_wp_clone_sql() function in all versions up to,…	CWE-89 SQL Injection	CVE-2024-8669	2024-09-28 01:08	2024-09-14	Show	GitHub Exploit DB Packet Storm

319375	9.8	CRITICAL Network	mayurik	best_house_rental_management_system	A vulnerability, which was classified as critical, has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php…	CWE-89 SQL Injection	CVE-2024-9039	2024-09-28 00:58	2024-09-21	Show	GitHub Exploit DB Packet Storm

319376	8.8	HIGH Network	mayurik	best_house_rental_management_system	A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ajax.php?action=update_accoun…	CWE-89 SQL Injection	CVE-2024-9041	2024-09-28 00:57	2024-09-21	Show	GitHub Exploit DB Packet Storm

319377	5.4	MEDIUM Network	mayurik	best_house_rental_management_system	A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /ajax.ph…	CWE-79 Cross-site Scripting	CVE-2024-9033	2024-09-28 00:56	2024-09-21	Show	GitHub Exploit DB Packet Storm

319378	6.1	MEDIUM Network	xootix	waitlist_woocommerce	The Waitlist Woocommerce ( Back in stock notifier ) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all…	CWE-79 Cross-site Scripting	CVE-2024-8724	2024-09-28 00:56	2024-09-14	Show	GitHub Exploit DB Packet Storm

319379	9.8	CRITICAL Network	code-projects	blood_bank_system	A vulnerability classified as critical was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /admin/blood/update/o-.php. The manipulation of the argume…	CWE-89 SQL Injection	CVE-2024-9094	2024-09-28 00:54	2024-09-23	Show	GitHub Exploit DB Packet Storm

319380	5.5	MEDIUM Local	code-projects	blood_bank_management_system	A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation lea…	CWE-312 Cleartext Storage of Sensitive Information	CVE-2024-9040	2024-09-28 00:53	2024-09-21	Show	GitHub Exploit DB Packet Storm

319381	5.4	MEDIUM Network	wpgogo	custom_field_template	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field …	CWE-79 Cross-site Scripting	CVE-2024-44062	2024-09-28 00:49	2024-09-15	Show	GitHub Exploit DB Packet Storm

319382	6.1	MEDIUM Network	mohammadarif	opor_ayam	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS.This issue affects Opor Ayam: from n/a throug…	CWE-79 Cross-site Scripting	CVE-2024-44053	2024-09-28 00:32	2024-09-15	Show	GitHub Exploit DB Packet Storm

319383	4.8	MEDIUM Network	acquia	mautic	With access to edit a Mautic form, the attacker can add Cross-Site Scripting stored in the html filed. This could be used to steal sensitive information from the user's current session.	CWE-79 Cross-site Scripting	CVE-2024-47058	2024-09-28 00:31	2024-09-19	Show	GitHub Exploit DB Packet Storm

319384	6.1	MEDIUM Network	acquia	mautic	Prior to this patch being applied, Mautic's tracking was vulnerable to Cross-Site Scripting through the Page URL variable.	CWE-79 Cross-site Scripting	CVE-2024-47050	2024-09-28 00:29	2024-09-19	Show	GitHub Exploit DB Packet Storm

319385	8.8	HIGH Network	purestorage	purity\/\/fa purity\/\/fb	A condition exists in FlashArray and FlashBlade Purity whereby a malicious user could execute arbitrary commands remotely through a specifically crafted SNMP configuration.	CWE-77 Command Injection	CVE-2024-0005	2024-09-28 00:25	2024-09-24	Show	GitHub Exploit DB Packet Storm

319386	5.4	MEDIUM Network	acquia	mautic	Prior to this patch, a stored XSS vulnerability existed in the contact tracking and page hits report.	CWE-79 Cross-site Scripting	CVE-2021-27917	2024-09-28 00:13	2024-09-19	Show	GitHub Exploit DB Packet Storm

319387	-	-	-	-	WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality.	-	CVE-2024-37779	2024-09-27 23:35	2024-09-24	Show	GitHub Exploit DB Packet Storm

319388	5.4	MEDIUM Network	happyforms	happyforms	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0.	CWE-79 Cross-site Scripting	CVE-2024-44063	2024-09-27 23:31	2024-09-15	Show	GitHub Exploit DB Packet Storm

319389	7.2	HIGH Network	purestorage	purity\/\/fa	A condition exists in FlashArray Purity whereby an user with array admin role can execute arbitrary commands remotely to escalate privilege on the array.	CWE-94 Code Injection	CVE-2024-0004	2024-09-27 23:24	2024-09-24	Show	GitHub Exploit DB Packet Storm

319390	7.2	HIGH Network	purestorage	purity\/\/fa	A condition exists in FlashArray Purity whereby a malicious user could use a remote administrative service to create an account on the array allowing privileged access.	NVD-CWE-noinfo	CVE-2024-0003	2024-09-27 23:23	2024-09-24	Show	GitHub Exploit DB Packet Storm

319391	9.8	CRITICAL Network	purestorage	purity\/\/fa	A condition exists in FlashArray Purity whereby an attacker can employ a privileged account allowing remote access to the array.	NVD-CWE-noinfo	CVE-2024-0002	2024-09-27 23:13	2024-09-24	Show	GitHub Exploit DB Packet Storm

319392	9.8	CRITICAL Network	purestorage	purity\/\/fa	A condition exists in FlashArray Purity whereby a local account intended for initial array configuration remains active potentially allowing a malicious actor to gain elevated privileges.	CWE-1188 Insecure Default Initialization of Resource	CVE-2024-0001	2024-09-27 23:08	2024-09-24	Show	GitHub Exploit DB Packet Storm

319393	6.1	MEDIUM Network	jenniferhall	filmix	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS.This issue affects Filmix: from n/a through 1.1.	CWE-79 Cross-site Scripting	CVE-2024-44060	2024-09-27 23:04	2024-09-15	Show	GitHub Exploit DB Packet Storm

319394	6.1	MEDIUM Network	averta	phlox	The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search parameters in all versions up to, and including, 5.16.4 due to insufficient input sanitization and output …	CWE-79 Cross-site Scripting	CVE-2024-6339	2024-09-27 23:04	2024-08-21	Show	GitHub Exploit DB Packet Storm

319395	6.1	MEDIUM Network	wpbookingsystem	wp_booking_system	The WP Booking System – Booking Calendar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the UR…	CWE-79 Cross-site Scripting	CVE-2024-8797	2024-09-27 23:02	2024-09-14	Show	GitHub Exploit DB Packet Storm

319396	5.4	MEDIUM Network	bricksbuilder	bricks	The Bricks theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘customTag' attribute in versions up to, and including, 1.10.1 due to insufficient input sanitization and output es…	CWE-79 Cross-site Scripting	CVE-2023-3410	2024-09-27 22:58	2024-09-14	Show	GitHub Exploit DB Packet Storm

319397	8.8	HIGH Network	idehweb	login_with_phone_number	The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check o…	NVD-CWE-noinfo	CVE-2024-6482	2024-09-27 22:54	2024-09-14	Show	GitHub Exploit DB Packet Storm

319398	5.5	MEDIUM Network	ibericode	mailchimp	The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.9.16 due to insufficient input sanitiza…	CWE-79 Cross-site Scripting	CVE-2024-8680	2024-09-27 22:53	2024-09-21	Show	GitHub Exploit DB Packet Storm

319399	6.1	MEDIUM Network	github	enterprise_server	A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social enginee…	CWE-79 Cross-site Scripting	CVE-2024-8770	2024-09-27 22:49	2024-09-24	Show	GitHub Exploit DB Packet Storm

319400	6.1	MEDIUM Network	boopathirajan	wp_test_email	The WP Test Email plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.…	CWE-79 Cross-site Scripting	CVE-2024-8664	2024-09-27 22:48	2024-09-13	Show	GitHub Exploit DB Packet Storm