The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
- CVE-2025-5987 - A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs becau...
  Published: July 07, 2025; 11:15:28 AM -0400
  V3.1: 8.1 HIGH
- CVE-2025-63435 - Xtooltech Xtool AnyScan Android Application 4.40.40 is Missing Authentication for Critical Function. The server-side endpoint responsible for serving update packages for the application does not require any authentication. This allows an unauthent...
  Published: November 24, 2025; 12:16:08 PM -0500
- CVE-2025-63434 - The update mechanism in Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is insecure. The application downloads and extracts update packages containing executable code without performing a cryptographic integrity or authenticity check...
  Published: November 24, 2025; 12:16:08 PM -0500
- CVE-2025-63433 - Xtooltech Xtool AnyScan Android Application 4.40.40 and prior uses a hardcoded cryptographic key and IV to decrypt update metadata. The key is stored as a static value within the application's code. An attacker with the ability to intercept networ...
  Published: November 24, 2025; 12:16:07 PM -0500
- CVE-2025-63432 - Xtooltech Xtool AnyScan Android Application 4.40.40 and prior is Missing SSL Certificate Validation. The application fails to properly validate the TLS certificate from its update server. An attacker on the same network can exploit this vulnerabil...
  Published: November 24, 2025; 12:16:07 PM -0500
- CVE-2025-13265 - A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes pat...
  Published: November 17, 2025; 1:15:43 AM -0500
  V3.1: 9.1 CRITICAL
- CVE-2025-34245 - Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxStandaloneVpnClientsController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leadi...
  Published: November 06, 2025; 3:15:48 PM -0500
  V3.1: 6.5 MEDIUM
- CVE-2018-11802 - In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant n...
  Published: April 01, 2020; 6:15:15 PM -0400
  V3.1: 4.3 MEDIUM
  V2.0: 4.0 MEDIUM
- CVE-2018-25120 - D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' an...
  Published: October 29, 2025; 3:15:36 PM -0400
  V3.1: 9.8 CRITICAL
- CVE-2022-50596 - D-Link DIR-1260 Wi-Fi router firmware versions up to and including v1.20B05 contain a command injection vulnerability within the web management interface that allows for unauthenticated attackers to execute arbitrary commands on the device with ro...
  Published: November 06, 2025; 3:15:40 PM -0500
  V3.1: 9.8 CRITICAL
- CVE-2025-34247 - Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in NetworksController.addNetworkAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disc...
  Published: November 06, 2025; 3:15:49 PM -0500
  V3.1: 6.5 MEDIUM
- CVE-2025-34246 - Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxPrevalidationController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to d...
  Published: November 06, 2025; 3:15:48 PM -0500
  V3.1: 6.5 MEDIUM
- CVE-2023-5844 - Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.
  Published: October 30, 2023; 7:15:39 AM -0400
  V3.1: 7.2 HIGH
- CVE-2025-34244 - Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxDeviceFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leadi...
  Published: November 06, 2025; 3:15:48 PM -0500
  V3.1: 6.5 MEDIUM
- CVE-2025-34243 - Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxFwRulesController.ajaxNetworkFwRulesAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, lead...
  Published: November 06, 2025; 3:15:48 PM -0500
  V3.1: 6.5 MEDIUM
- CVE-2025-34242 - Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxNetworkController.ajaxAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to disclos...
  Published: November 06, 2025; 3:15:48 PM -0500
  V3.1: 6.5 MEDIUM
- CVE-2025-34241 - Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AjaxDeviceController.ajaxDeviceAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to di...
  Published: November 06, 2025; 3:15:48 PM -0500
  V3.1: 6.5 MEDIUM
- CVE-2025-34240 - Advantech WebAccess/VPN versions prior to 1.1.5 contain a SQL injection vulnerability in AppManagementController.appUpgradeAction() that allows an authenticated low-privileged observer user to inject SQL via datatable search parameters, leading to...
  Published: November 06, 2025; 3:15:47 PM -0500
  V3.1: 6.5 MEDIUM
- CVE-2024-53015 - Memory corruption while processing IOCTL command to handle buffers associated with a session.
  Published: June 03, 2025; 2:15:24 AM -0400
  V3.1: 6.6 MEDIUM
- CVE-2024-53010 - Memory corruption may occur while attaching VM when the HLOS retains access to VM.
  Published: June 03, 2025; 2:15:23 AM -0400
  V3.1: 7.8 HIGH