The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-5532 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.  The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the ... read CVE-2024-5532
    Published: October 28, 2024; 3:15:15 PM -0400

    V3.1: 4.8 MEDIUM

  • CVE-2024-20906 - Vulnerability in the Integrated Lights Out Manager (ILOM) product of Oracle Systems (component: System Management). Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerability allows high privileged attacker with networ... read CVE-2024-20906
    Published: January 16, 2024; 5:15:38 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2024-28804 - An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored Cross-site scripting (XSS) can occur via POST.
    Published: July 29, 2024; 3:15:11 PM -0400

  • CVE-2024-28806 - An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path.
    Published: July 29, 2024; 3:15:12 PM -0400

  • CVE-2024-34399 - **UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longe... read CVE-2024-34399
    Published: September 18, 2024; 2:15:06 PM -0400

  • CVE-2024-34398 - An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers.
    Published: March 12, 2025; 1:15:41 PM -0400

  • CVE-2024-0799 - An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.
    Published: March 13, 2024; 3:15:46 PM -0400

  • CVE-2024-28805 - An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control.
    Published: July 29, 2024; 3:15:11 PM -0400

  • CVE-2025-23366 - A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authent... read CVE-2025-23366
    Published: January 14, 2025; 1:16:06 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2024-28803 - Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter
    Published: March 13, 2025; 10:15:24 AM -0400

  • CVE-2024-52949 - iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack.
    Published: December 16, 2024; 5:15:06 PM -0500

  • CVE-2024-0800 - A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet.
    Published: March 13, 2024; 3:15:46 PM -0400

  • CVE-2024-0801 - A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.
    Published: March 13, 2024; 3:15:46 PM -0400

  • CVE-2024-25651 - User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.
    Published: March 13, 2024; 11:15:08 PM -0400

  • CVE-2025-1534 - CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows: Remote Code Inclusion. This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, fro... read CVE-2025-1534
    Published: April 01, 2025; 12:15:44 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-25653 - Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.
    Published: March 13, 2024; 11:15:09 PM -0400

  • CVE-2025-24949 - In JotUrl 2.0, it is possible to bypass security requirements during the password change process.
    Published: April 15, 2025; 12:16:05 PM -0400

  • CVE-2024-29026 - Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can b... read CVE-2024-29026
    Published: March 20, 2024; 6:15:08 PM -0400

    V3.1: 9.1 CRITICAL

  • CVE-2025-5459 - A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been reso... read CVE-2025-5459
    Published: June 26, 2025; 3:15:27 AM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-23368 - A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.
    Published: March 04, 2025; 11:15:39 AM -0500

    V3.1: 9.8 CRITICAL

Created September 20, 2022, Updated August 27, 2024