The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
- CVE-2020-37114 - GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information dis...
  Published: February 03, 2026; 1:16:11 PM -0500
  V3.1: 6.5 MEDIUM
- CVE-2020-37116 - GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, l...
  Published: February 03, 2026; 1:16:12 PM -0500
  V3.1: 8.8 HIGH
- CVE-2025-3569 - A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ShiroConfig.java. The manipulation leads to improper authorization. The attack ma...
  Published: April 14, 2025; 10:15:25 AM -0400
- CVE-2025-3546 - A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the fil...
  Published: April 13, 2025; 10:15:13 PM -0400
- CVE-2020-37115 - GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential th...
  Published: February 03, 2026; 1:16:11 PM -0500
  V3.1: 4.9 MEDIUM
- CVE-2025-59891 - Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. T...
  Published: January 28, 2026; 7:15:50 AM -0500
  V3.1: 8.0 HIGH
- CVE-2025-59892 - Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. T...
  Published: January 28, 2026; 7:15:50 AM -0500
  V3.1: 8.0 HIGH
- CVE-2025-59893 - Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. T...
  Published: January 28, 2026; 7:15:50 AM -0500
  V3.1: 8.0 HIGH
- CVE-2025-59894 - Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. T...
  Published: January 28, 2026; 7:15:50 AM -0500
  V3.1: 8.0 HIGH
- CVE-2025-59895 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during t...
  Published: January 28, 2026; 7:15:51 AM -0500
  V3.1: 7.5 HIGH
- CVE-2025-59896 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from the...
  Published: January 28, 2026; 7:15:51 AM -0500
  V3.1: 5.4 MEDIUM
- CVE-2025-59897 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from the...
  Published: January 28, 2026; 7:15:51 AM -0500
  V3.1: 5.4 MEDIUM
- CVE-2025-59898 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from the...
  Published: January 28, 2026; 7:15:51 AM -0500
  V3.1: 5.4 MEDIUM
- CVE-2025-59899 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from the...
  Published: January 28, 2026; 7:15:51 AM -0500
  V3.1: 5.4 MEDIUM
- CVE-2025-59900 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from the...
  Published: January 28, 2026; 7:15:51 AM -0500
  V3.1: 5.4 MEDIUM
- CVE-2025-46651 - Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0...
  Published: February 03, 2026; 1:16:12 PM -0500
- CVE-2025-52626 - A Potential Command Injection vulnerability in HCL AION. This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AION: 2.0.
  Published: February 03, 2026; 1:16:12 PM -0500
  V3.1: 9.8 CRITICAL
- CVE-2025-52627 - Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes. This issue affects AION: 2.0.
  Published: February 03, 2026; 1:16:13 PM -0500
  V3.1: 7.5 HIGH
- CVE-2025-52629 - HCL AION is susceptible to Missing Content-Security-Policy. The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects A...
  Published: February 03, 2026; 1:16:13 PM -0500
  V3.1: 6.1 MEDIUM
- CVE-2025-57529 - YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted inpu...
  Published: February 03, 2026; 1:16:13 PM -0500