) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2024-37798 - Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input field.
Published: June 17, 2024; 5:15:51 PM -0400 -
CVE-2023-35040 - Missing Authorization vulnerability in SendPress SendPress Newsletters.This issue affects SendPress Newsletters: from n/a through 1.23.11.6.
Published: June 13, 2024; 8:15:09 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-5701 - Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127.
Published: June 11, 2024; 9:15:51 AM -0400 -
CVE-2024-32778 - Missing Authorization vulnerability in Contest Gallery.This issue affects Contest Gallery: from n/a through 21.3.4.
Published: June 09, 2024; 9:15:50 AM -0400V3.1: 8.1 HIGH
-
CVE-2024-36801 - A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php.
Published: June 04, 2024; 9:15:52 AM -0400 -
CVE-2024-36800 - A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php.
Published: June 04, 2024; 9:15:52 AM -0400 -
CVE-2023-40332 - Improper Control of Interaction Frequency vulnerability in Lester ‘GaMerZ’ Chan WP-PostRatings allows Functionality Misuse.This issue affects WP-PostRatings: from n/a through 1.91.
Published: June 04, 2024; 4:15:09 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-34987 - A SQL Injection vulnerability exists in the `ofrs/admin/index.php` script of PHPGurukul Online Fire Reporting System 1.2. The vulnerability allows attackers to bypass authentication and gain unauthorized access by injecting SQL commands into the u... read CVE-2024-34987
Published: June 03, 2024; 4:15:09 PM -0400 -
CVE-2024-34796 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through 2.1.1.
Published: June 03, 2024; 7:15:10 AM -0400V3.1: 4.8 MEDIUM
-
CVE-2024-35635 - Server-Side Request Forgery (SSRF) vulnerability in WPManageNinja LLC Ninja Tables.This issue affects Ninja Tables: from n/a through 5.0.9.
Published: June 03, 2024; 6:15:14 AM -0400V3.1: 4.9 MEDIUM
-
CVE-2024-35403 - TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a stack overflow via the desc parameter in the function setIpPortFilterRules
Published: May 28, 2024; 1:15:11 PM -0400 -
CVE-2024-35511 - phpgurukul Men Salon Management System v2.0 is vulnerable to SQL Injection via the "username" parameter of /msms/admin/index.php.
Published: May 28, 2024; 5:16:31 PM -0400 -
CVE-2021-21972 - The vSphere Client (HTML5) contains a remote code execution vulnerability in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying opera... read CVE-2021-21972
Published: February 24, 2021; 12:15:15 PM -0500V3.1: 9.8 CRITICAL
V2.0: 10.0 HIGH
-
CVE-2025-27915 - An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-m... read CVE-2025-27915
Published: March 12, 2025; 11:15:39 AM -0400 -
CVE-2025-27914 - An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the /h/rest endpoint, allowing authenticated attackers to inject and execute arbitrary JavaScript in a vict... read CVE-2025-27914
Published: March 12, 2025; 11:15:39 AM -0400 -
CVE-2025-29891 - Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.10.0 before 4.10.2, from 4.8.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LT... read CVE-2025-29891
Published: March 12, 2025; 11:15:40 AM -0400 -
CVE-2025-25565 - SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions.
Published: March 12, 2025; 12:15:22 PM -0400 -
CVE-2025-25566 - Memory Leak vulnerability in SoftEtherVPN 5.02.5187 allows an attacker to cause a denial of service via the UnixMemoryAlloc function.
Published: March 12, 2025; 12:15:22 PM -0400 -
CVE-2025-25567 - SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in Internat.c via the UniToStrForSingleChars function.
Published: March 12, 2025; 12:15:22 PM -0400 -
CVE-2025-25568 - SoftEtherVPN 5.02.5187 is vulnerable to Use after Free in the Command.c file via the CheckNetworkAcceptThread function.
Published: March 12, 2025; 12:15:22 PM -0400