U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
Icon for New NVD Communications and Status Updates Page
New Communications Page
The NVD now supports CVSS version 4.0!
CVSS v4.0 Support
The letters N V D typed out in binary
2.0 APIs

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

  • CVE-2024-13878 - The SpotBot WordPress plugin through 0.1.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    Published: March 20, 2025; 2:15:22 AM -0400

  • CVE-2024-13880 - The My Quota WordPress plugin through 1.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    Published: March 20, 2025; 2:15:22 AM -0400

  • CVE-2024-13881 - The Link My Posts WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    Published: March 20, 2025; 2:15:22 AM -0400

  • CVE-2025-21536 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged att... read CVE-2025-21536
    Published: January 21, 2025; 4:15:19 PM -0500

  • CVE-2025-21534 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Performance Schema). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privi... read CVE-2025-21534
    Published: January 21, 2025; 4:15:19 PM -0500

  • CVE-2025-21531 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with ... read CVE-2025-21531
    Published: January 21, 2025; 4:15:18 PM -0500

  • CVE-2025-3170 - A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /admin_user.php. The manipulation of the argument block_id/unblock_id leads to sql injection. It ... read CVE-2025-3170
    Published: April 03, 2025; 2:15:48 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-21529 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privi... read CVE-2025-21529
    Published: January 21, 2025; 4:15:18 PM -0500

  • CVE-2025-21525 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker ... read CVE-2025-21525
    Published: January 21, 2025; 4:15:18 PM -0500

  • CVE-2025-21523 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with ... read CVE-2025-21523
    Published: January 21, 2025; 4:15:17 PM -0500

  • CVE-2025-21522 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacke... read CVE-2025-21522
    Published: January 21, 2025; 4:15:17 PM -0500

  • CVE-2025-3171 - A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /approve_lawyer.php. The manipulation of the argument unblock_id leads to sql injection. Th... read CVE-2025-3171
    Published: April 03, 2025; 2:15:48 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-22611 - OpenEMR 7.0.2 is vulnerable to SQL Injection via \openemr\library\classes\Pharmacy.class.php, \controllers\C_Pharmacy.class.php and \openemr\controller.php.
    Published: April 03, 2025; 3:15:39 PM -0400

  • CVE-2025-21567 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via... read CVE-2025-21567
    Published: January 21, 2025; 4:15:23 PM -0500

  • CVE-2025-21566 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple p... read CVE-2025-21566
    Published: January 21, 2025; 4:15:23 PM -0500

  • CVE-2025-21559 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with ... read CVE-2025-21559
    Published: January 21, 2025; 4:15:22 PM -0500

  • CVE-2025-29647 - SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php.
    Published: April 03, 2025; 3:15:39 PM -0400

  • CVE-2025-21555 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with ... read CVE-2025-21555
    Published: January 21, 2025; 4:15:22 PM -0500

  • CVE-2025-21546 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high pri... read CVE-2025-21546
    Published: January 21, 2025; 4:15:20 PM -0500

  • CVE-2025-21543 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged att... read CVE-2025-21543
    Published: January 21, 2025; 4:15:20 PM -0500

Created September 20, 2022 , Updated August 27, 2024