The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2024-52301 - Laravel is a web application framework. When the register_argc_argv PHP directive is set to on, and users call any URL with a specially crafted query string, they are able to change the environment used by the framework when handling the request. T...
Published: November 12, 2024; 3:15:14 PM -0500
V3.1: 7.5 HIGH
-
CVE-2024-49765 - Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in th...
Published: December 19, 2024; 3:15:07 PM -0500
V3.1: 9.1 CRITICAL
-
CVE-2024-52589 - Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users un...
Published: December 19, 2024; 3:15:07 PM -0500
V3.1: 2.7 LOW
-
CVE-2024-52794 - Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds fo...
Published: December 19, 2024; 3:15:07 PM -0500
V3.1: 6.1 MEDIUM
-
CVE-2024-53991 - Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore` which means uploads and backups are stored locally on disk. If an attacker knows the name ...
Published: December 19, 2024; 3:15:07 PM -0500
V3.1: 5.9 MEDIUM
-
CVE-2024-56362 - Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with acces...
Published: December 23, 2024; 1:15:07 PM -0500
V3.1: 5.5 MEDIUM
-
CVE-2025-30353 - Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0 and prior to version 11.5.0, when a Flow with the "Webhook" trigger and the "Data of Last Operation" response body encounters a ValidationE...
Published: March 26, 2025; 2:15:27 PM -0400
V3.1: 7.5 HIGH
-
CVE-2025-30352 - Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4 and prior to version 11.5.0, the `search` query parameter allows users with access to a collection to filter items based on fields t...
Published: March 26, 2025; 2:15:27 PM -0400
-
CVE-2025-30351 - Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. Thi...
Published: March 26, 2025; 2:15:26 PM -0400
V3.1: 4.3 MEDIUM
-
CVE-2025-24808 - Discourse is an open-source discussion platform. Prior to versions `3.3.4` on the `stable` branch and `3.4.0.beta5` on the `beta` branch, someone who is about to reach the limit of users in a group DM may send requests to add new users in parallel...
Published: March 26, 2025; 10:15:32 AM -0400
V3.1: 3.1 LOW
-
CVE-2024-28027 - Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authent...
Published: November 21, 2024; 10:15:28 AM -0500
-
CVE-2024-28026 - Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authent...
Published: November 21, 2024; 10:15:28 AM -0500
-
CVE-2024-28025 - Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authent...
Published: November 21, 2024; 10:15:28 AM -0500
-
CVE-2024-41259 - Use of insecure hashing algorithm in the Gravatar's service in Navidrome v0.52.3 allows attackers to manipulate a user's account information.
Published: August 01, 2024; 5:15:36 PM -0400
-
CVE-2025-3199 - A vulnerability was found in ageerle ruoyi-ai up to 2.0.1 and classified as critical. Affected by this issue is some unknown functionality of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysModelController.j...
Published: April 03, 2025; 10:15:19 PM -0400
V3.1: 9.8 CRITICAL
-
CVE-2025-3202 - A vulnerability classified as critical has been found in ageerle ruoyi-ai up to 2.0.0. Affected is an unknown function of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/controller/system/SysNoticeController.java. The manipulati...
Published: April 03, 2025; 11:15:13 PM -0400
V3.1: 9.1 CRITICAL
-
CVE-2025-32035 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to 9.13.2, when uploading files (e.g. when uploading assets), the file extension is checked to see if it's an allowed file type but...
Published: April 08, 2025; 2:16:08 PM -0400
V3.1: 7.5 HIGH
-
CVE-2025-32036 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. The algorithm used to generate the captcha image shows the least complexity of the desired image. For this reason, the created image can ...
Published: April 08, 2025; 2:16:08 PM -0400
V3.1: 6.5 MEDIUM
-
CVE-2025-32371 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting imag...
Published: April 09, 2025; 12:15:24 PM -0400
-
CVE-2025-32372 - DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. A bypass has been identified for the previously known vulnerability CVE-2017-0929, allowing unauthenticated attackers to execute arbitrar...
Published: April 09, 2025; 12:15:25 PM -0400
V3.1: 7.5 HIGH