The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2024-12900 - A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to ...
Published: December 22, 2024; 9:15:05 PM -0500
V3.1: 9.8 CRITICAL
-
CVE-2025-3792 - A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack ...
Published: April 18, 2025; 11:15:59 AM -0400
V3.1: 7.2 HIGH
-
CVE-2025-3797 - A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated re...
Published: April 19, 2025; 3:15:13 AM -0400
V3.1: 7.2 HIGH
-
CVE-2024-10116 - The Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible f...
Published: November 22, 2024; 11:15:07 PM -0500
V3.1: 5.4 MEDIUM
-
CVE-2025-3798 - A vulnerability, which was classified as critical, has been found in WCMS 11. This issue affects the function sub of the file app/admin/AdvadminController.php of the component Advertisement Image Handler. The manipulation leads to unrestricted upl...
Published: April 19, 2025; 6:15:15 AM -0400
V3.1: 7.2 HIGH
-
CVE-2025-3799 - A vulnerability, which was classified as critical, was found in WCMS 11. Affected is an unknown function of the file app/controllers/AnonymousController.php. The manipulation of the argument email/username leads to sql injection. It is possible to...
Published: April 19, 2025; 7:15:48 AM -0400
V3.1: 9.8 CRITICAL
-
CVE-2025-3800 - A vulnerability has been found in WCMS 11 and classified as critical. Affected by this vulnerability is an unknown functionality of the file app/controllers/AnonymousController.php. The manipulation of the argument mobile_phone leads to sql inject...
Published: April 19, 2025; 8:15:13 AM -0400
V3.1: 9.8 CRITICAL
-
CVE-2024-56325 - Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hac...
Published: April 01, 2025; 5:15:15 AM -0400
-
CVE-2023-40714 - A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows attacker to escalate privilege via uploading certain GUI elements
Published: April 02, 2025; 4:15:13 AM -0400
V3.1: 8.8 HIGH
-
CVE-2024-56475 - IBM TXSeries for Multiplatforms 9.1 and 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to cr...
Published: April 02, 2025; 12:17:39 PM -0400
V3.1: 5.4 MEDIUM
-
CVE-2025-0154 - IBM TXSeries for Multiplatforms 9.1 and 11.1 could disclose sensitive information to a remote attacker due to improper neutralization of HTTP headers.
Published: April 02, 2025; 12:17:40 PM -0400
V3.1: 7.5 HIGH
-
CVE-2024-56476 - IBM TXSeries for Multiplatforms 9.1 and 11.1 could allow an attacker to enumerate usernames due to an observable login attempt response discrepancy.
Published: April 02, 2025; 12:17:40 PM -0400
V3.1: 5.3 MEDIUM
-
CVE-2025-30677 - Apache Pulsar contains multiple connectors for integrating with Apache Kafka. The Pulsar IO Apache Kafka Source Connector, Sink Connector, and Kafka Connect Adaptor Sink Connector log sensitive configuration properties in plain text in application...
Published: April 09, 2025; 8:15:15 AM -0400
V3.1: 6.5 MEDIUM
-
CVE-2025-31672 - Improper Input Validation vulnerability in Apache POI. The issue affects the parsing of OOXML format files like xlsx, docx and pptx. These file formats are basically zip files and it is possible for malicious users to add zip entries with duplicat...
Published: April 09, 2025; 8:15:15 AM -0400
-
CVE-2019-16149 - An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by t...
Published: March 28, 2025; 6:15:13 AM -0400
V3.1: 6.1 MEDIUM
-
CVE-2024-58130 - In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses.
Published: March 28, 2025; 6:15:17 PM -0400
V3.1: 6.1 MEDIUM
-
CVE-2025-2549 - A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPassword. The manipulation leads to improper access contro...
Published: March 20, 2025; 1:15:38 PM -0400
V3.1: 8.8 HIGH
-
CVE-2025-2711 - A vulnerability was found in Yonyou UFIDA ERP-NC 5.0. It has been classified as problematic. Affected is an unknown function of the file /help/systop.jsp. The manipulation of the argument langcode leads to cross site scripting. It is possible to l...
Published: March 24, 2025; 5:15:18 PM -0400
V3.1: 6.1 MEDIUM
-
CVE-2025-2547 - A vulnerability, which was classified as problematic, has been found in D-Link DIR-618 and DIR-605L 2.02/3.02. This issue affects some unknown processing of the file /goform/formAdvNetwork. The manipulation leads to improper access controls. The a...
Published: March 20, 2025; 12:15:16 PM -0400
V3.1: 4.3 MEDIUM
-
CVE-2025-46953 - Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript ...
Published: June 10, 2025; 7:15:39 PM -0400
V3.1: 5.4 MEDIUM