NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 17, 2026, 4:19 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
319451	5.4	MEDIUM Network	rocket.chat	rocket.chat	Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and earlier allows stored XSS in the description and release notes of the marketplace and private apps.	CWE-79 Cross-site Scripting	CVE-2024-47048	2024-09-27 02:12	2024-09-25	Show	GitHub Exploit DB Packet Storm

319452	6.1	MEDIUM Network	xplodedthemes	xt_ajax_add_to_cart_for_woocommerce	The XT Ajax Add To Cart for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up…	CWE-79 Cross-site Scripting	CVE-2024-8716	2024-09-27 02:03	2024-09-24	Show	GitHub Exploit DB Packet Storm

319453	6.1	MEDIUM Network	castos	seriously_simple_stats	The Seriously Simple Stats plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and incl…	CWE-79 Cross-site Scripting	CVE-2024-8738	2024-09-27 01:48	2024-09-24	Show	GitHub Exploit DB Packet Storm

319454	7.3	HIGH Network	pluginus	wordpress_meta_data_and_taxonomies_filter	The The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.3.3.3. This is due to the software allowing …	CWE-94 Code Injection	CVE-2024-8623	2024-09-27 01:46	2024-09-24	Show	GitHub Exploit DB Packet Storm

319455	8.8	HIGH Network	ba-booking	ba_book_everything	The BA Book Everything plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.20. This is due to missing or incorrect nonce validation on the my_ac…	CWE-352 Origin Validation Error	CVE-2024-8795	2024-09-27 01:46	2024-09-24	Show	GitHub Exploit DB Packet Storm

319456	9.9	CRITICAL Network	pluginus	wordpress_meta_data_and_taxonomies_filter	The MDTF – Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'meta_key' attribute of the 'mdf_select_title' shortcode in all versions up to, and including, 1…	CWE-89 SQL Injection	CVE-2024-8624	2024-09-27 01:45	2024-09-24	Show	GitHub Exploit DB Packet Storm

319457	5.4	MEDIUM Network	wpcodeus	advanced_sermons	The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sermon_video_embed’ parameter in all versions up to, and including, 3.3 due to insufficient input sanit…	CWE-79 Cross-site Scripting	CVE-2024-7599	2024-09-27 01:45	2024-09-6	Show	GitHub Exploit DB Packet Storm

319458	5.4	MEDIUM Network	mailoptin	mailoptin	The Popup, Optin Form & Email Newsletters for Mailchimp, HubSpot, AWeber – MailOptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-meta' shortcode in all ve…	CWE-79 Cross-site Scripting	CVE-2024-8628	2024-09-27 01:42	2024-09-24	Show	GitHub Exploit DB Packet Storm

319459	9.1	CRITICAL Network	exthemes	wooevents	The WooEvents - Calendar and Event Booking plugin for WordPress is vulnerable to arbitrary file overwrite due to insufficient file path validation in the inc/barcode.php file in all versions up to, a…	CWE-22 Path Traversal	CVE-2024-8671	2024-09-27 01:38	2024-09-24	Show	GitHub Exploit DB Packet Storm

319460	5.4	MEDIUM Network	wp-brandtheme	preloader_plus	The Preloader Plus – WordPress Loading Screen Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.2.1 due to insuffic…	CWE-79 Cross-site Scripting	CVE-2024-6849	2024-09-27 01:36	2024-09-7	Show	GitHub Exploit DB Packet Storm

319461	-	-	-	-	Directory Traversal vulnerability in Centro de Tecnologia da Informaco Renato Archer InVesalius3 v3.1.99995 allows attackers to write arbitrary files unto the system via a crafted .inv3 file.	-	CVE-2024-44825	2024-09-27 01:35	2024-09-26	Show	GitHub Exploit DB Packet Storm

319462	9.8	CRITICAL Network	code-projects	student_record_system	A vulnerability was found in code-projects Student Record System 1.0. It has been classified as critical. Affected is an unknown function of the file /pincode-verification.php. The manipulation of th…	CWE-89 SQL Injection	CVE-2024-9080	2024-09-27 01:32	2024-09-22	Show	GitHub Exploit DB Packet Storm

319463	9.8	CRITICAL Network	code-projects	student_record_system	A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument co…	CWE-89 SQL Injection	CVE-2024-9079	2024-09-27 01:32	2024-09-22	Show	GitHub Exploit DB Packet Storm

319464	9.8	CRITICAL Network	code-projects	student_record_system	A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical. This vulnerability affects unknown code of the file /course.php. The manipulation of the argument…	CWE-89 SQL Injection	CVE-2024-9078	2024-09-27 01:31	2024-09-22	Show	GitHub Exploit DB Packet Storm

319465	4.3	MEDIUM Network	infiniteuploads	big_file_uploads	The Big File Uploads – Increase Maximum File Upload Size plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.1.2. This is due the plugin not sanitizing …	CWE-22 Path Traversal	CVE-2024-8538	2024-09-27 01:28	2024-09-7	Show	GitHub Exploit DB Packet Storm

319466	9.8	CRITICAL Network	wpcharitable	charitable	The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. Thi…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2024-8791	2024-09-27 01:25	2024-09-24	Show	GitHub Exploit DB Packet Storm

319467	5.3	MEDIUM Network	ba-booking	ba_book_everything	The BA Book Everything plugin for WordPress is vulnerable to arbitrary password reset in all versions up to, and including, 1.6.20. This is due to the reset_user_password() function not verifying a u…	NVD-CWE-Other	CVE-2024-8794	2024-09-27 01:23	2024-09-24	Show	GitHub Exploit DB Packet Storm

319468	6.1	MEDIUM Network	ninjaforms	ninja_forms_file_uploads	The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an uploaded file (e.g. RTX file) in all versions up to, and including, 3.3.16 due to insufficient …	CWE-79 Cross-site Scripting	CVE-2024-1596	2024-09-27 01:23	2024-09-7	Show	GitHub Exploit DB Packet Storm

319469	5.4	MEDIUM Network	master-addons	master_addons	The Master Addons – Free Widgets, Hover Effects, Toggle, Conditions, Animations for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-jltma-wrapper-link element…	CWE-79 Cross-site Scripting	CVE-2024-6282	2024-09-27 01:19	2024-09-10	Show	GitHub Exploit DB Packet Storm

319470	-	-	-	-	Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0.	-	CVE-2024-46957	2024-09-27 01:15	2024-09-25	Show	GitHub Exploit DB Packet Storm

319471	8.8	HIGH Network	buffercode	frontend_dashboard	The Frontend Dashboard plugin for WordPress is vulnerable to unauthorized code execution due to insufficient filtering on callable methods/functions via the ajax_request() function in all versions up…	CWE-94 Code Injection	CVE-2024-8268	2024-09-27 01:15	2024-09-10	Show	GitHub Exploit DB Packet Storm

319472	6.5	MEDIUM Network	pinpoint	pinpoint_booking_system	The Pinpoint Booking System – #1 WordPress Booking Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘schedule’ parameter in all versions up to, and including, 2.9.9.5.0 due to insuf…	CWE-89 SQL Injection	CVE-2024-7112	2024-09-27 01:12	2024-09-7	Show	GitHub Exploit DB Packet Storm

319473	7.3	HIGH Network	ifeelweb	affiliate_super_assistent	The The Affiliate Super Assistent plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.5.3. This is due to the software allowing users to supply…	CWE-94 Code Injection	CVE-2024-8478	2024-09-27 00:53	2024-09-10	Show	GitHub Exploit DB Packet Storm

319474	5.3	MEDIUM Network	metagauss	eventprime	The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all ver…	CWE-862 Missing Authorization	CVE-2024-8369	2024-09-27 00:43	2024-09-10	Show	GitHub Exploit DB Packet Storm

319475	8.8	HIGH Network	elizsoftware	panel	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eliz Software Panel allows Command Line Execution through SQL Injection.This issue affects Panel:…	CWE-89 SQL Injection	CVE-2024-5958	2024-09-27 00:35	2024-09-19	Show	GitHub Exploit DB Packet Storm

319476	6.5	MEDIUM Network	apexsoftcell	ld_geo ld_dp_back_office	This vulnerability exists in Apex Softcell LD DP Back Office due to improper validation of certain parameters (cCdslClicentcode and cLdClientCode) in the API endpoint. An authenticated remote attacke…	NVD-CWE-Other	CVE-2024-47085	2024-09-27 00:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

319477	5.4	MEDIUM Network	code-projects	blood_bank_system	A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file bbms.php. The manipulation of the argument fullname/age…	CWE-79 Cross-site Scripting	CVE-2024-9084	2024-09-27 00:29	2024-09-22	Show	GitHub Exploit DB Packet Storm

319478	6.5	MEDIUM Network	apexsoftcell	ld_geo ld_dp_back_office	This vulnerability exists in Apex Softcell LD DP Back Office due to improper implementation of OTP validation mechanism in certain API endpoints. An authenticated remote attacker could exploit this v…	NVD-CWE-Other	CVE-2024-47086	2024-09-27 00:29	2024-09-19	Show	GitHub Exploit DB Packet Storm

319479	9.8	CRITICAL Network	code-projects	restaurant_reservation_system	A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument fro…	CWE-89 SQL Injection	CVE-2024-9086	2024-09-27 00:26	2024-09-23	Show	GitHub Exploit DB Packet Storm

319480	6.5	MEDIUM Network	apexsoftcell	ld_geo ld_dp_back_office	This vulnerability exists in Apex Softcell LD Geo due to improper validation of the certain parameters (Client ID, DPID or BOID) in the API endpoint. An authenticated remote attacker could exploit th…	NVD-CWE-Other	CVE-2024-47087	2024-09-27 00:25	2024-09-19	Show	GitHub Exploit DB Packet Storm

319481	9.8	CRITICAL Network	razormist	telecom_billing_management_system	A vulnerability has been found in SourceCodester Telecom Billing Management System 1.0 and classified as critical. This vulnerability affects the function login. The manipulation of the argument unam…	CWE-120 Classic Buffer Overflow	CVE-2024-9088	2024-09-27 00:19	2024-09-23	Show	GitHub Exploit DB Packet Storm

319482	9.8	CRITICAL Network	vehicle_management_project	vehicle_management	A vulnerability, which was classified as critical, was found in code-projects Vehicle Management 1.0. This affects an unknown part of the file /edit1.php. The manipulation of the argument sno leads t…	CWE-89 SQL Injection	CVE-2024-9087	2024-09-27 00:16	2024-09-23	Show	GitHub Exploit DB Packet Storm

319483	5.4	MEDIUM Network	theme-fusion	avada	The Avada \| Website Builder For WordPress & eCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fusion_button shortcode in all versions up to, and including, …	CWE-79 Cross-site Scripting	CVE-2024-5628	2024-09-27 00:14	2024-09-13	Show	GitHub Exploit DB Packet Storm

319484	4.3	MEDIUM Network	realestateconnected	easy_property_listings	The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack	CWE-352 Origin Validation Error	CVE-2024-3163	2024-09-27 00:13	2024-09-12	Show	GitHub Exploit DB Packet Storm

319485	7.5	HIGH Network	tamparongj_03	online_graduate_tracer_system	A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /tracking/admin/fetch_it.php…	CWE-89 SQL Injection	CVE-2024-7845	2024-09-27 00:10	2024-08-16	Show	GitHub Exploit DB Packet Storm

319486	6.1	MEDIUM Network	wpfactory	wpfactory_helper	The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including,…	CWE-79 Cross-site Scripting	CVE-2024-8656	2024-09-27 00:04	2024-09-13	Show	GitHub Exploit DB Packet Storm

319487	6.1	MEDIUM Network	amcharts	amcharts\	The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amcharts_javascript' parameter in all versions up to, and including, 1.4.4 due to the abili…	CWE-79 Cross-site Scripting	CVE-2024-8622	2024-09-26 23:59	2024-09-12	Show	GitHub Exploit DB Packet Storm

319488	5.9	MEDIUM Network	fortinet	forticlient	An improper certificate validation vulnerability [CWE-295] in FortiClientWindows 6.4 all versions, 7.0.0 through 7.0.7, FortiClientMac 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.4, FortiCl…	CWE-295 Improper Certificate Validation	CVE-2022-45856	2024-09-26 23:48	2024-09-11	Show	GitHub Exploit DB Packet Storm

319489	9.8	CRITICAL Network	villatheme	woocommerce_photo_reviews	The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating wha…	CWE-306 Missing Authentication for Critical Function	CVE-2024-8277	2024-09-26 23:39	2024-09-11	Show	GitHub Exploit DB Packet Storm

319490	5.4	MEDIUM Network	elementor	website_builder	The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and in…	CWE-79 Cross-site Scripting	CVE-2024-5416	2024-09-26 23:37	2024-09-11	Show	GitHub Exploit DB Packet Storm

319491	-	-	-	-	Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. This allows an authenticated attacker to execute arbitrary commands on the device by sending a crafted HTTP request to the …	-	CVE-2024-44678	2024-09-26 23:35	2024-09-26	Show	GitHub Exploit DB Packet Storm

319492	-	-	-	-	An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module.	-	CVE-2024-41708	2024-09-26 23:35	2024-09-26	Show	GitHub Exploit DB Packet Storm

319493	-	-	-	-	OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timin…	-	CVE-2024-22893	2024-09-26 23:35	2024-09-26	Show	GitHub Exploit DB Packet Storm

319494	8.8	HIGH Network	themekraft	buddyforms	The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to privilege escalation in all versions up to…	NVD-CWE-noinfo	CVE-2024-8246	2024-09-26 23:00	2024-09-14	Show	GitHub Exploit DB Packet Storm

319495	5.5	MEDIUM Local	apple	macos	A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to modify protected parts of t…	CWE-427 Uncontrolled Search Path Element	CVE-2024-44168	2024-09-26 22:56	2024-09-17	Show	GitHub Exploit DB Packet Storm

319496	5.5	MEDIUM Local	apple	macos	An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. Processing a maliciously crafted texture may lead to…	CWE-125 Out-of-bounds Read	CVE-2024-44161	2024-09-26 22:56	2024-09-17	Show	GitHub Exploit DB Packet Storm

319497	5.5	MEDIUM Local	apple	macos	The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. A malicious application may be able to access private information.	NVD-CWE-noinfo	CVE-2024-44163	2024-09-26 22:55	2024-09-17	Show	GitHub Exploit DB Packet Storm

319498	7.1	HIGH Local	apple	macos ipados iphone_os	This issue was addressed with improved checks. This issue is fixed in iOS 17.7 and iPadOS 17.7, macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to bypass Privacy preferenc…	NVD-CWE-noinfo	CVE-2024-44164	2024-09-26 22:54	2024-09-17	Show	GitHub Exploit DB Packet Storm

319499	7.5	HIGH Network	apple	macos iphone_os ipados visionos	A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7, iOS 17.7 and iPadOS 17.7, visionOS 2, iOS 18 and iPadOS 18, macOS Sonoma 14.7, macOS Sequoia 15. Network t…	NVD-CWE-noinfo	CVE-2024-44165	2024-09-26 22:53	2024-09-17	Show	GitHub Exploit DB Packet Storm

319500	5.5	MEDIUM Local	apple	macos	A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An app may be able to access user-s…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2024-44166	2024-09-26 22:47	2024-09-17	Show	GitHub Exploit DB Packet Storm