NVD

Icon for New NVD Communications and Status Updates Page

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Legal Disclaimer:

Here is where you can read the NVD legal disclaimer.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2025-1507 - The ShareThis Dashboard for Google Analytics plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_actions() function in all versions up to, and including, 3.2.1. This makes it poss... read CVE-2025-1507
Published: March 14, 2025; 5:15:14 AM -0400

V3.1: 5.3 MEDIUM
CVE-2024-12810 - The JobCareer | Job Board Responsive WordPress Theme theme for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability checks on multiple functions in all versions up to, and including, 7.1. This ... read CVE-2024-12810
Published: March 14, 2025; 8:15:13 AM -0400

V3.1: 8.1 HIGH
CVE-2024-13771 - The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of user validation before changing a password. This makes i... read CVE-2024-13771
Published: March 14, 2025; 8:15:13 AM -0400

V3.1: 5.9 MEDIUM
CVE-2024-13772 - The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.1.4. This is due to a lack of randomization of a password created during Single Sign-O... read CVE-2024-13772
Published: March 14, 2025; 8:15:13 AM -0400

V3.1: 5.9 MEDIUM
CVE-2024-13773 - The Civi - Job Board & Freelance Marketplace WordPress Theme plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via hard-coded credentials. This makes it possible for unauthenticated at... read CVE-2024-13773
Published: March 14, 2025; 8:15:14 AM -0400

V3.1: 7.5 HIGH
CVE-2024-13737 - The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the motors_create_template and motors_delete_template functions in all versions up to, and... read CVE-2024-13737
Published: March 21, 2025; 11:15:11 PM -0400

V3.1: 4.3 MEDIUM
CVE-2024-13739 - The Newsletters plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the "to" parameter in all versions up to, and including, 4.9.9.7 due to insufficient input sanitization and output escaping. This makes it possible for unauth... read CVE-2024-13739
Published: March 22, 2025; 1:15:36 AM -0400

V3.1: 6.1 MEDIUM
CVE-2025-0723 - The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to blind and time-based SQL Injections via the rid and search parameters in all versions up to, and including, 5.9.4.7 due to insufficient escaping on the u... read CVE-2025-0723
Published: March 22, 2025; 1:15:38 AM -0400

V3.1: 6.5 MEDIUM
CVE-2025-0724 - The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.9.4.5 via deserialization of untrusted input in the get_user_meta_fields_html function. This... read CVE-2025-0724
Published: March 22, 2025; 1:15:38 AM -0400

V3.1: 8.8 HIGH
CVE-2025-1408 - The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_decline_join_group_request and pm_approve_join_group_request functions in a... read CVE-2025-1408
Published: March 22, 2025; 1:15:38 AM -0400

V3.1: 4.3 MEDIUM
CVE-2025-2625 - A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /system/cms/content/page. The manipulation of the argument orderField/orderDirection leads to sql injection. It is possible t... read CVE-2025-2625
Published: March 22, 2025; 4:15:12 PM -0400

V3.1: 4.9 MEDIUM
CVE-2025-1488 - The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation on the redirect url supplied via the 'redirect_to' parameter. This makes ... read CVE-2025-1488
Published: February 24, 2025; 6:15:10 AM -0500

V3.1: 6.1 MEDIUM
CVE-2016-0185 - Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."
Published: May 10, 2016; 9:59:26 PM -0400

V3.1: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2015-6175 - The kernel in Microsoft Windows 10 Gold allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability."
Published: December 09, 2015; 6:59:56 AM -0500

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2015-2502 - Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," as exploited in the wild in August 2015.
Published: August 19, 2015; 6:59:00 AM -0400

V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2015-1701 - Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege ... read CVE-2015-1701
Published: April 21, 2015; 6:59:00 AM -0400

V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2014-8361 - The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
Published: May 01, 2015; 11:59:01 AM -0400

V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2025-2618 - A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overfl... read CVE-2025-2618
Published: March 22, 2025; 10:15:16 AM -0400
CVE-2025-2619 - A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is pos... read CVE-2025-2619
Published: March 22, 2025; 10:15:16 AM -0400
CVE-2025-2620 - A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-bas... read CVE-2025-2620
Published: March 22, 2025; 11:15:38 AM -0400

Created September 20, 2022 , Updated August 27, 2024

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Legal Disclaimer: