The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
-
CVE-2025-5593 - A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely...
Published: June 04, 2025; 12:15:36 PM -0400
V3.1: 9.8 CRITICAL
-
CVE-2025-5594 - A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. This vulnerability affects unknown code of the component SET Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. T...
Published: June 04, 2025; 12:15:36 PM -0400
V3.1: 9.8 CRITICAL
-
CVE-2024-50677 - A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.
Published: December 06, 2024; 11:15:21 AM -0500
-
CVE-2024-48900 - A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to.
Published: November 13, 2024; 10:15:07 AM -0500
-
CVE-2024-46213 - REDAXO CMS v2.11.0 was discovered to contain a remote code execution (RCE) vulnerability.
Published: October 16, 2024; 5:15:12 PM -0400
-
CVE-2024-48241 - An issue in radare2 v5.8.0 through v5.9.4 allows a local attacker to cause a denial of service via the __bf_div function.
Published: October 30, 2024; 2:15:07 PM -0400
-
CVE-2024-48052 - In gradio <=4.42.0, the gr.DownloadButton function has a hidden server-side request forgery (SSRF) vulnerability. The reason is that within the save_url_to_cache function, there are no restrictions on the URL, which allows access to local target r...
Published: November 04, 2024; 6:15:04 PM -0500
-
CVE-2024-6766 - The shortcodes-ultimate-pro WordPress plugin before 7.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and ...
Published: August 06, 2024; 2:15:36 AM -0400
-
CVE-2024-40560 - Tmall_demo before v2024.07.03 was discovered to contain a SQL injection vulnerability.
Published: July 15, 2024; 12:15:03 PM -0400
-
CVE-2024-40555 - Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload vulnerability.
Published: July 15, 2024; 12:15:03 PM -0400
-
CVE-2024-40554 - An access control issue in Tmall_demo v2024.07.03 allows attackers to obtain sensitive information.
Published: July 15, 2024; 12:15:03 PM -0400
-
CVE-2024-40553 - Tmall_demo v2024.07.03 was discovered to contain an arbitrary file upload via the component uploadUserHeadImage.
Published: July 15, 2024; 12:15:03 PM -0400
-
CVE-2024-4977 - The Index WP MySQL For Speed WordPress plugin before 1.4.18 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Published: July 13, 2024; 2:15:03 AM -0400
-
CVE-2024-30799 - An issue in PX4 Autopilot v1.14 and before allows a remote attacker to execute arbitrary code and cause a denial of service via the Breach Return Point function.
Published: April 21, 2024; 9:15:47 PM -0400
V3.1: 4.4 MEDIUM
-
CVE-2024-29460 - An issue in PX4 Autopilot v.1.14.0 allows an attacker to manipulate the flight path allowing for crashes of the drone via the home point location of the mission_block.cpp component.
Published: April 10, 2024; 5:15:06 PM -0400
-
CVE-2024-2260 - A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT to...
Published: April 15, 2024; 8:15:11 PM -0400
V3.1: 4.2 MEDIUM
-
CVE-2024-31759 - An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function.
Published: April 16, 2024; 7:15:09 PM -0400
-
CVE-2024-2996 - A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been classified as problematic. Affected is an unknown function of the component Page Title Handler. The manipulation leads to cross site scripting....
Published: March 27, 2024; 4:15:10 PM -0400
V3.1: 4.8 MEDIUM
-
CVE-2024-2997 - A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument Category Name/Model Name/...
Published: March 27, 2024; 5:15:48 PM -0400
V3.1: 5.4 MEDIUM
-
CVE-2024-2998 - A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument...
Published: March 27, 2024; 5:15:49 PM -0400
V3.1: 5.4 MEDIUM