
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2023-1338 - The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and including, 1.7.1. This makes it possible for authenti...
    Published: March 10, 2023; 3:15:10 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-1339 - The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and including, 1.7.1. This makes it possible for authe...
    Published: March 10, 2023; 3:15:10 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-1337 - The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and including, 1.7.1. This makes it possible for authenticate...
    Published: March 10, 2023; 3:15:10 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-1336 - The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and including, 1.7.1. This makes it possible for authent...
    Published: March 10, 2023; 3:15:10 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-1335 - The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and including, 1.7.1. This makes it possible for aut...
    Published: March 10, 2023; 3:15:10 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-1334 - The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and including, 1.7.1. This makes it possible for authenti...
    Published: March 10, 2023; 3:15:10 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2023-1333 - The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authentic...
    Published: March 10, 2023; 3:15:10 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2022-4315 - An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request headers with every request on the authentication page.
    Published: March 08, 2023; 6:15:10 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2021-4330 - The Envato Elements & Download and Template Kit – Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files in the installFreeTemplateKit and uploadTemplate...
    Published: March 07, 2023; 9:15:09 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-22890 - SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.
    Published: March 08, 2023; 4:15:10 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-23760 - A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages sit...
    Published: March 08, 2023; 2:15:10 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2021-4331 - The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin adds a registration form to the Elementor page builders functionality. As part of th...
    Published: March 07, 2023; 10:15:10 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2021-4332 - The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). The plugin has a feature to add an "Info Box" to an Elementor created page. This Info Box can i...
    Published: March 07, 2023; 10:15:10 AM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2021-4333 - The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view() function. This makes it possible for unauthenticated at...
    Published: March 07, 2023; 10:15:10 AM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2023-22892 - There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.
    Published: March 08, 2023; 4:15:10 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-24282 - An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file.
    Published: March 08, 2023; 4:15:10 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2021-33352 - An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.
    Published: March 08, 2023; 5:15:09 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2021-33351 - Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before and fixed in v.1.3.7 allows attackers to escalate privileges via a crafted payload in the ticket message field.
    Published: March 08, 2023; 5:15:09 PM -0500

    V3.1: 9.0 CRITICAL

  • CVE-2021-33353 - Directory Traversal vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via the file attachment directory setting.
    Published: March 08, 2023; 5:15:09 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2023-24781 - Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php.
    Published: March 07, 2023; 10:15:11 AM -0500

    V3.1: 9.8 CRITICAL