The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2020-37114 - GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information dis... read CVE-2020-37114
    Published: February 03, 2026; 1:16:11 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2020-37116 - GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, l... read CVE-2020-37116
    Published: February 03, 2026; 1:16:12 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-3569 - A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ShiroConfig.java. The manipulation leads to improper authorization. The attack ma... read CVE-2025-3569
    Published: April 14, 2025; 10:15:25 AM -0400

  • CVE-2025-3546 - A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the fil... read CVE-2025-3546
    Published: April 13, 2025; 10:15:13 PM -0400

  • CVE-2020-37115 - GUnet OpenEclass 1.7.3 stores user credentials in plaintext, allowing administrators to view all registered users' usernames and passwords without encryption. This vulnerability exposes sensitive information and increases the risk of credential th... read CVE-2020-37115
    Published: February 03, 2026; 1:16:11 PM -0500

    V3.1: 4.9 MEDIUM

  • CVE-2025-59891 - Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. T... read CVE-2025-59891
    Published: January 28, 2026; 7:15:50 AM -0500

    V3.1: 8.0 HIGH

  • CVE-2025-59892 - Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. T... read CVE-2025-59892
    Published: January 28, 2026; 7:15:50 AM -0500

    V3.1: 8.0 HIGH

  • CVE-2025-59893 - Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. T... read CVE-2025-59893
    Published: January 28, 2026; 7:15:50 AM -0500

    V3.1: 8.0 HIGH

  • CVE-2025-59894 - Cross-Site request forgery (CSRF) vulnerability in Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18. An authenticated user could cause another user to perform unwanted actions within the application they are logged into. T... read CVE-2025-59894
    Published: January 28, 2026; 7:15:50 AM -0500

    V3.1: 8.0 HIGH

  • CVE-2025-59895 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a remote denial-of-service (DoS) vulnerability in the configuration restore functionality. The issue is due to insufficient validation of user-supplied data during t... read CVE-2025-59895
    Published: January 28, 2026; 7:15:51 AM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-59896 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from the... read CVE-2025-59896
    Published: January 28, 2026; 7:15:51 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-59897 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from the... read CVE-2025-59897
    Published: January 28, 2026; 7:15:51 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-59898 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from the... read CVE-2025-59898
    Published: January 28, 2026; 7:15:51 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-59899 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from the... read CVE-2025-59899
    Published: January 28, 2026; 7:15:51 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-59900 - Sync Breeze Enterprise Server v10.4.18 and Disk Pulse Enterprise v10.4.18 contain a persistent authenticated Cross-Site Scripting (XSS) vulnerability. An attacker could send malicious content to an authenticated user and steal information from the... read CVE-2025-59900
    Published: January 28, 2026; 7:15:51 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-46651 - Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0... read CVE-2025-46651
    Published: February 03, 2026; 1:16:12 PM -0500

  • CVE-2025-52626 - A Potential Command Injection vulnerability in HCL AION. An This can allow unintended command execution, potentially leading to unauthorized actions on the underlying system. This issue affects AION: 2.0
    Published: February 03, 2026; 1:16:12 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-52627 - Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes. This issue affects AION: 2.0.
    Published: February 03, 2026; 1:16:13 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2025-52629 - HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute. This issue affects A... read CVE-2025-52629
    Published: February 03, 2026; 1:16:13 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2025-57529 - YouDataSum CPAS Audit Management System <=v4.9 is vulnerable to SQL Injection in /cpasList/findArchiveReportByDah due to insufficient input validation. This allows remote unauthenticated attackers to execute arbitrary SQL commands via crafted inpu... read CVE-2025-57529
    Published: February 03, 2026; 1:16:13 PM -0500

Created September 20, 2022, Updated August 27, 2024