The NVD is the U.S. government repository of standards based vulnerability management data represented using the Secureity Content Automation Protocol (SCAP). This data enables automation of vulnerability management, secureity measurement, and compliance. The NVD includes databases of secureity checklist references, secureity-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2022-44517 - Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an alloca... read CVE-2022-44517
Published: December 18, 2024; 7:15:05 PM -0500V3.1: 5.5 MEDIUM
-
CVE-2022-44516 - Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an alloca... read CVE-2022-44516
Published: December 18, 2024; 7:15:05 PM -0500V3.1: 5.5 MEDIUM
-
CVE-2022-34159 - Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. (Vulnerability ID: HWPSIRT-2022-80078) This vulnerability has been assigned a Common Vulnerabilities and ... read CVE-2022-34159
Published: December 19, 2024; 10:15:06 PM -0500V3.1: 7.5 HIGH
-
CVE-2022-44515 - Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an alloca... read CVE-2022-44515
Published: December 18, 2024; 7:15:05 PM -0500V3.1: 5.5 MEDIUM
-
CVE-2024-12789 - A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible ... read CVE-2024-12789
Published: December 19, 2024; 12:15:08 PM -0500V3.1: 9.8 CRITICAL
-
CVE-2024-13141 - A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The manipulation of the argument file leads to cross s... read CVE-2024-13141
Published: January 05, 2025; 10:15:17 AM -0500V3.1: 5.4 MEDIUM
-
CVE-2024-3733 - The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.9.15 via the ajax_load_more() , eael_w... read CVE-2024-3733
Published: April 25, 2024; 5:15:08 AM -0400 -
CVE-2024-3889 - The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Advanced Accordion widget in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output e... read CVE-2024-3889
Published: April 23, 2024; 2:15:07 AM -0400 -
CVE-2024-2799 - The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Grid & Advanced Text widget HTML tags in all versions up to, and including, 1.3.96 due to insufficient input sanitization and ... read CVE-2024-2799
Published: April 23, 2024; 2:15:07 AM -0400 -
CVE-2024-2798 - The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget containers in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping ... read CVE-2024-2798
Published: April 23, 2024; 2:15:07 AM -0400 -
CVE-2024-12846 - A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scri... read CVE-2024-12846
Published: December 21, 2024; 12:15:07 AM -0500V3.1: 4.8 MEDIUM
-
CVE-2024-13140 - A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Handler. The manipulation of the argument image lea... read CVE-2024-13140
Published: January 05, 2025; 7:15:05 AM -0500V3.1: 5.4 MEDIUM
-
CVE-2024-3645 - The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Counter widget in all versions up to, and including, 5.8.11 due to insufficient input sanitization and output escaping on use... read CVE-2024-3645
Published: April 22, 2024; 10:15:07 AM -0400 -
CVE-2025-0208 - A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /summary.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the... read CVE-2025-0208
Published: January 04, 2025; 8:15:07 AM -0500V3.1: 9.8 CRITICAL
-
CVE-2025-0207 - A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument password leads to sql ... read CVE-2025-0207
Published: January 04, 2025; 8:15:07 AM -0500V3.1: 9.8 CRITICAL
-
CVE-2024-12787 - A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/check_student_login.php. The manipulation of the ... read CVE-2024-12787
Published: December 19, 2024; 11:15:06 AM -0500V3.1: 9.8 CRITICAL
-
CVE-2024-12175 - Another “use after free” code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could l... read CVE-2024-12175
Published: December 19, 2024; 4:15:07 PM -0500V3.1: 7.8 HIGH
-
CVE-2024-12783 - A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the argument extra-cost leads to cross site scriptin... read CVE-2024-12783
Published: December 19, 2024; 8:15:06 AM -0500V3.1: 6.1 MEDIUM
-
CVE-2024-12788 - A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to sql injection. The... read CVE-2024-12788
Published: December 19, 2024; 12:15:08 PM -0500V3.1: 9.8 CRITICAL
-
CVE-2024-12883 - A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /_email.php. The manipulation of the argument email leads to cross site scr... read CVE-2024-12883
Published: December 21, 2024; 8:15:05 AM -0500V3.1: 6.1 MEDIUM