The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2018-25230 - Free IP Switcher 3.1 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Computer Name field. Attackers can paste a malicious payload into the Computer Name i... read CVE-2018-25230
    Published: March 30, 2026; 8:16:16 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2018-25231 - HeidiSQL 9.5.0.5196 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long file path in the logging preferences. Attackers can input a buffer-overflow payload through the SQ... read CVE-2018-25231
    Published: March 30, 2026; 8:16:16 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2018-25232 - Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field. Attackers can input a buffer of 2000 characte... read CVE-2018-25232
    Published: March 30, 2026; 8:16:17 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2018-25233 - WebDrive 18.00.5057 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the username field during Secure WebDAV connection setup. Attackers can input a buffer-o... read CVE-2018-25233
    Published: March 30, 2026; 8:16:17 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2018-25234 - SmartFTP Client 9.0.2615.0 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can paste a buffer of 300 repeated characters into the ... read CVE-2018-25234
    Published: March 30, 2026; 8:16:17 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2018-25235 - NetworkActiv Web Server 4.0 contains a buffer overflow vulnerability in the username field of the Security options that allows local attackers to crash the application by supplying an excessively long string. Attackers can trigger a denial of serv... read CVE-2018-25235
    Published: March 30, 2026; 8:16:17 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2019-25653 - Navicat for Oracle 12.1.15 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the password field. Attackers can paste a buffer of 550 repeated characters into ... read CVE-2019-25653
    Published: March 30, 2026; 8:16:17 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2019-25654 - Core FTP/SFTP Server 1.2 contains a buffer overflow vulnerability that allows attackers to crash the service by supplying an excessively long string in the User domain field. Attackers can paste a malicious payload containing 7000 bytes of data in... read CVE-2019-25654
    Published: March 30, 2026; 8:16:18 AM -0400

    V3.1: 7.5 HIGH

  • CVE-2019-25655 - Device Monitoring Studio 8.10.00.8925 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the server connection dialog. Attackers can trigger the crash by enter... read CVE-2019-25655
    Published: March 30, 2026; 8:16:18 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2026-5122 - A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a manipulation of the argument domainNameLen results i... read CVE-2026-5122
    Published: March 30, 2026; 11:16:35 AM -0400

    V3.1: 3.7 LOW

  • CVE-2026-34472 - Unauthenticated credential disclosure in the wizard interface in ZTE ZXHN H188A V6.0.10P2_TE and V6.0.10P3N3_TE allows unauthenticated attackers on the local network to retrieve sensitive credentials from the router's web management interface, inc... read CVE-2026-34472
    Published: March 30, 2026; 12:16:07 PM -0400

  • CVE-2026-30305 - Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while i... read CVE-2026-30305
    Published: March 30, 2026; 4:16:21 PM -0400

  • CVE-2026-27018 - Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0.
    Published: March 30, 2026; 5:17:08 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2026-30306 - In its design for automatic terminal command execution, SakaDev offers two options: Execute safe commands and execute all commands. The description for the former states that commands determined by the model to be safe will be automatically execut... read CVE-2026-30306
    Published: March 30, 2026; 5:17:08 PM -0400

  • CVE-2026-30308 - In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be aut... read CVE-2026-30308
    Published: March 30, 2026; 5:17:09 PM -0400

  • CVE-2026-30313 - DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it interce... read CVE-2026-30313
    Published: March 30, 2026; 5:17:09 PM -0400

  • CVE-2025-15612 - Wazuh provisioning scripts and Dockerfiles contain an insecure transport vulnerability where curl is invoked with the -k/--insecure flag, disabling SSL/TLS certificate validation. Attackers with network access can perform man-in-the-middle attacks... read CVE-2025-15612
    Published: March 27, 2026; 3:16:41 PM -0400

    V3.1: 8.1 HIGH

  • CVE-2026-32241 - Flannel is a network fabric for containers, designed for Kubernetes. The Flannel project includes an experimental Extension backend that allows users to easily prototype new backend types. In versions of Flannel prior to 0.28.2, this Extension bac... read CVE-2026-32241
    Published: March 27, 2026; 4:16:30 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2026-33654 - nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module (`nanobot/channels/email.py`), allowing a remote, unauthenticated attacker to execute arbitrary LL... read CVE-2026-33654
    Published: March 27, 2026; 4:16:32 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2026-33739 - FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to 1.5.10.1812, the listing tables on multiple management pages (Host, Storage, Group, Image, Printer, Snapin) are vulnerable to Stored Cross-Site Scripting ... read CVE-2026-33739
    Published: March 27, 2026; 4:16:33 PM -0400

    V3.1: 4.8 MEDIUM

Created September 20, 2022, Updated August 27, 2024