NVD Dashboard

CVEs Received and Processed

CVE Status Count

CVSS Score Spread

CVSS V3 Score Distribution

Severity Number of Vulns

CVSS V2 Score Distribution

Severity Number of Vulns


For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2025-67342 - RuoYi versions 4.8.1 and earlier is affected by a stored XSS vulnerability in the /system/menu/edit endpoint. While the endpoint is protected by an XSS filter, the protection can be bypassed. Additionally, because the menu is shared across all use... read CVE-2025-67342
    Published: December 12, 2025; 12:15:45 PM -0500

  • CVE-2025-67818 - An issue was discovered in Weaviate OSS before 1.33.4. An attacker with access to insert data into the database can craft an entry name with an absolute path (e.g., /etc/...) or use parent directory traversal (../../..) to escape the restore root ... read CVE-2025-67818
    Published: December 12, 2025; 12:15:45 PM -0500

  • CVE-2025-67819 - An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplication... read CVE-2025-67819
    Published: December 12, 2025; 12:15:45 PM -0500

  • CVE-2025-14570 - A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_admin.php. This manipulation of the argument admin_id causes sql injection. The attack may ... read CVE-2025-14570
    Published: December 12, 2025; 2:16:01 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-14571 - A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrow_book.php. Such manipulation of the argument roll_number leads to sql injection. The at... read CVE-2025-14571
    Published: December 12, 2025; 2:16:02 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-14372 - Use after free in Password Manager in Google Chrome prior to 143.0.7499.110 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
    Published: December 12, 2025; 3:15:39 PM -0500

  • CVE-2025-14373 - Inappropriate implementation in Toolbar in Google Chrome on Android prior to 143.0.7499.110 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
    Published: December 12, 2025; 3:15:40 PM -0500

  • CVE-2025-14578 - A weakness has been identified in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /update_account.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the at... read CVE-2025-14578
    Published: December 12, 2025; 3:15:40 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-58316 - Online Shopping System Advanced 1.0 contains a SQL injection vulnerability in the payment_success.php script that allows attackers to inject malicious SQL through the unfiltered 'cm' parameter. Attackers can exploit the vulnerability by sending cr... read CVE-2024-58316
    Published: December 12, 2025; 4:15:51 PM -0500

  • CVE-2025-14580 - A security vulnerability has been detected in Qualitor up to 8.24.73. The impacted element is an unknown function of the file /Qualitor/html/bc/bcdocumento9/biblioteca/request/viewDocumento.php. Such manipulation of the argument cdscript leads to ... read CVE-2025-14580
    Published: December 12, 2025; 4:15:52 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2025-36100 - IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0  Java and JMS stores a password in client configuration files wh... read CVE-2025-36100
    Published: September 06, 2025; 9:15:32 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-49078 - In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4_decompress_safe_partial read out of bound When partialDecoding, it is EOF if we've either filled the output buffer or can't proceed with reading an offset for follo... read CVE-2022-49078
    Published: February 26, 2025; 2:00:45 AM -0500

  • CVE-2025-43732 - Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable ... read CVE-2025-43732
    Published: August 18, 2025; 10:15:29 AM -0400

    V3.1: 2.7 LOW

  • CVE-2024-5800 - Diffie-Hellman groups with insufficient strength are used in the SSL/TLS stack of B&R Automation Runtime versions before 6.0.2, allowing a network attacker to decrypt the SSL/TLS communication.
    Published: August 12, 2024; 9:38:38 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-43739 - Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allow any authe... read CVE-2025-43739
    Published: August 19, 2025; 10:15:38 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2021-22280 - Improper DLL loading algorithms in B&R Automation Studio versions >=4.0 and <4.12 may allow an authenticated local attacker to execute code in the context of the product.
    Published: May 14, 2024; 4:15:11 PM -0400

  • CVE-2025-55232 - Deserialization of untrusted data in Microsoft High Performance Compute Pack (HPC) allows an unauthorized attacker to execute code over a network.
    Published: September 09, 2025; 1:16:06 PM -0400

  • CVE-2024-1914 - An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible. The vulnerability could potentially be exploited to perform unauthorized actions by an attacker. This vulnerabil... read CVE-2024-1914
    Published: May 14, 2024; 12:16:03 PM -0400

  • CVE-2024-1913 - An attacker who successfully exploited these vulnerabilities could cause the robot to stop, make the robot controller inaccessible, or execute arbitrary code.  The vulnerability could potentially be exploited to perform unauthorized actions by a... read CVE-2024-1913
    Published: May 14, 2024; 12:16:01 PM -0400

  • CVE-2025-14526 - A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The ... read CVE-2025-14526
    Published: December 11, 2025; 12:15:55 PM -0500

    V3.1: 8.8 HIGH
