NVD - Home


[**New Communications Page**](https://www.nist.gov/itl/nvd)

[**CVSS v4.0 Support**](/general/news/cvss-v4-0-official-support)

[**2.0 APIs**](/general/news/api-20-announcements)

The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.  

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult [NIST's Public Data Repository](https://data.nist.gov/od/id/1E0F15DAAEFB84E4E0531A5706813DD8436).  

#### Legal Disclaimer:

Here is where you can read the NVD [legal disclaimer](general/legal-disclaimer).

**Last 20 Scored Vulnerability IDs & Summaries** **CVSS Severity**

*   **[CVE-2024-23193](/vuln/detail/CVE-2024-23193)** - E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment un... [read CVE-2024-23193](/vuln/detail/CVE-2024-23193#vulnDescriptionTitle)  

    **Published:** May 06, 2024; 3:15:07 AM -0400

*   **[CVE-2024-23186](/vuln/detail/CVE-2024-23186)** - E-Mail containing malicious display-name information could trigger client-side script execution when using specific mobile devices. Attackers could perform malicious API requests or extract information from the users account. Please deploy the pro... [read CVE-2024-23186](/vuln/detail/CVE-2024-23186#vulnDescriptionTitle)  

    **Published:** May 06, 2024; 3:15:06 AM -0400

    _V3.1:_ [6.1 MEDIUM](/vuln-metrics/cvss/v3-calculator?name=CVE-2024-23186&vector=AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N&version=3.1&source=NIST)  

*   **[CVE-2024-23187](/vuln/detail/CVE-2024-23187)** - Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the v... [read CVE-2024-23187](/vuln/detail/CVE-2024-23187#vulnDescriptionTitle)  

    **Published:** May 06, 2024; 3:15:06 AM -0400

    _V3.1:_ [6.1 MEDIUM](/vuln-metrics/cvss/v3-calculator?name=CVE-2024-23187&vector=AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N&version=3.1&source=NIST)  

*   **[CVE-2024-13869](/vuln/detail/CVE-2024-13869)** - The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'upload\_files' function in all versions up to, and including, 0.9.112. This makes i... [read CVE-2024-13869](/vuln/detail/CVE-2024-13869#vulnDescriptionTitle)  

    **Published:** February 22, 2025; 8:15:10 AM -0500

*   **[CVE-2025-0918](/vuln/detail/CVE-2025-0918)** - The SMTP for SendGrid – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attack... [read CVE-2025-0918](/vuln/detail/CVE-2025-0918#vulnDescriptionTitle)  

    **Published:** February 22, 2025; 8:15:11 AM -0500

    _V3.1:_ [6.1 MEDIUM](/vuln-metrics/cvss/v3-calculator?name=CVE-2025-0918&vector=AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N&version=3.1&source=NIST)  

*   **[CVE-2025-0953](/vuln/detail/CVE-2025-0953)** - The SMTP for Sendinblue – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated atta... [read CVE-2025-0953](/vuln/detail/CVE-2025-0953#vulnDescriptionTitle)  

    **Published:** February 22, 2025; 8:15:11 AM -0500

    _V3.1:_ [6.1 MEDIUM](/vuln-metrics/cvss/v3-calculator?name=CVE-2025-0953&vector=AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N&version=3.1&source=NIST)  

*   **[CVE-2025-1853](/vuln/detail/CVE-2025-1853)** - A vulnerability was found in Tenda AC8 16.03.34.06 and classified as critical. This issue affects the function sub\_49E098 of the file /goform/SetIpMacBind of the component Parameter Handler. The manipulation of the argument list leads to stack-bas... [read CVE-2025-1853](/vuln/detail/CVE-2025-1853#vulnDescriptionTitle)  

    **Published:** March 03, 2025; 1:15:21 AM -0500

    _V3.1:_ [9.8 CRITICAL](/vuln-metrics/cvss/v3-calculator?name=CVE-2025-1853&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST)  

*   **[CVE-2025-1814](/vuln/detail/CVE-2025-1814)** - A vulnerability, which was classified as critical, has been found in Tenda AC6 15.03.05.16. Affected by this issue is some unknown functionality of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk\_crypto leads to stack-based ... [read CVE-2025-1814](/vuln/detail/CVE-2025-1814#vulnDescriptionTitle)  

    **Published:** March 02, 2025; 6:15:10 AM -0500

    _V3.1:_ [9.8 CRITICAL](/vuln-metrics/cvss/v3-calculator?name=CVE-2025-1814&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST)  

*   **[CVE-2024-30232](/vuln/detail/CVE-2024-30232)** - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.  

    **Published:** March 26, 2024; 8:15:50 AM -0400

    _V3.1:_ [5.4 MEDIUM](/vuln-metrics/cvss/v3-calculator?name=CVE-2024-30232&vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N&version=3.1&source=NIST)  

*   **[CVE-2024-30177](/vuln/detail/CVE-2024-30177)** - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.6.8.  

    **Published:** March 27, 2024; 7:15:47 AM -0400

    _V3.1:_ [5.4 MEDIUM](/vuln-metrics/cvss/v3-calculator?name=CVE-2024-30177&vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N&version=3.1&source=NIST)  

*   **[CVE-2023-50961](/vuln/detail/CVE-2023-50961)** - IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... [read CVE-2023-50961](/vuln/detail/CVE-2023-50961#vulnDescriptionTitle)  

    **Published:** March 27, 2024; 9:15:46 AM -0400

    _V3.1:_ [5.4 MEDIUM](/vuln-metrics/cvss/v3-calculator?name=CVE-2023-50961&vector=AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N&version=3.1&source=NIST)  

*   **[CVE-2024-27270](/vuln/detail/CVE-2024-27270)** - IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in a specially crafted URI. IBM X-Force ID: 284576.  

    **Published:** March 27, 2024; 9:15:47 AM -0400

    _V3.1:_ [6.1 MEDIUM](/vuln-metrics/cvss/v3-calculator?name=CVE-2024-27270&vector=AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N&version=3.1&source=NIST)  

*   **[CVE-2024-28784](/vuln/detail/CVE-2024-28784)** - IBM QRadar SIEM 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses... [read CVE-2024-28784](/vuln/detail/CVE-2024-28784#vulnDescriptionTitle)  

    **Published:** March 27, 2024; 9:15:47 AM -0400

*   **[CVE-2023-36679](/vuln/detail/CVE-2023-36679)** - Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Spectra. This issue affects Spectra: from n/a through 2.6.6.  

    **Published:** March 28, 2024; 2:15:09 AM -0400

    _V3.1:_ [6.5 MEDIUM](/vuln-metrics/cvss/v3-calculator?name=CVE-2023-36679&vector=AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N&version=3.1&source=NIST)  

*   **[CVE-2025-1889](/vuln/detail/CVE-2025-1889)** - picklescan before 0.0.22 only considers standard pickle file extensions in the scope for its vulnerability scan. An attacker could craft a malicious model that uses Pickle and include a malicious pickle file with a non-standard file extension. Bec... [read CVE-2025-1889](/vuln/detail/CVE-2025-1889#vulnDescriptionTitle)  

    **Published:** March 03, 2025; 2:15:34 PM -0500

    _V3.1:_ [9.8 CRITICAL](/vuln-metrics/cvss/v3-calculator?name=CVE-2025-1889&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H&version=3.1&source=NIST)  

*   **[CVE-2025-27500](/vuln/detail/CVE-2025-27500)** - OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint(/api/upload) on the admin panel can be accessed without any form of authentication. This endpoint accepts an HTTP POST to upload a file which... [read CVE-2025-27500](/vuln/detail/CVE-2025-27500#vulnDescriptionTitle)  

    **Published:** March 03, 2025; 2:15:36 PM -0500

    _V3.1:_ [6.1 MEDIUM](/vuln-metrics/cvss/v3-calculator?name=CVE-2025-27500&vector=AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N&version=3.1&source=NIST)  

*   **[CVE-2025-27501](/vuln/detail/CVE-2025-27501)** - OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an O... [read CVE-2025-27501](/vuln/detail/CVE-2025-27501#vulnDescriptionTitle)  

    **Published:** March 03, 2025; 2:15:36 PM -0500

*   **[CVE-2025-1891](/vuln/detail/CVE-2025-1891)** - A vulnerability was found in shishuocms 1.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to th... [read CVE-2025-1891](/vuln/detail/CVE-2025-1891#vulnDescriptionTitle)  

    **Published:** March 03, 2025; 7:15:31 PM -0500

    _V3.1:_ [8.8 HIGH](/vuln-metrics/cvss/v3-calculator?name=CVE-2025-1891&vector=AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H&version=3.1&source=NIST)  

*   **[CVE-2025-1892](/vuln/detail/CVE-2025-1892)** - A vulnerability was found in shishuocms 1.1. It has been classified as problematic. Affected is an unknown function of the file /manage/folder/add.json of the component Directory Deletion Page. The manipulation of the argument folderName leads to ... [read CVE-2025-1892](/vuln/detail/CVE-2025-1892#vulnDescriptionTitle)  

    **Published:** March 03, 2025; 8:15:11 PM -0500

    _V3.1:_ [4.8 MEDIUM](/vuln-metrics/cvss/v3-calculator?name=CVE-2025-1892&vector=AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N&version=3.1&source=NIST)  

*   **[CVE-2025-21401](/vuln/detail/CVE-2025-21401)** - Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability  

    **Published:** February 14, 2025; 7:15:27 PM -0500

Created September 20, 2022, Updated August 27, 2024