The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-0793 - A vulnerability has been found in ESAFENET CDG V5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /todoDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack can be...
    Published: January 28, 2025; 8:15:07 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-0794 - A vulnerability was found in ESAFENET CDG V5 and classified as problematic. Affected by this issue is some unknown functionality of the file /todoDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack may be...
    Published: January 28, 2025; 8:15:07 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2025-0795 - A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the ...
    Published: January 28, 2025; 9:15:26 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2024-45627 - In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. There...
    Published: January 14, 2025; 12:15:17 PM -0500

  • CVE-2024-9020 - The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and abo...
    Published: January 18, 2025; 1:15:27 AM -0500

  • CVE-2024-12321 - The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
    Published: January 27, 2025; 1:15:22 AM -0500

  • CVE-2024-13052 - The Dental Optimizer Patient Generator App WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users su...
    Published: January 27, 2025; 1:15:22 AM -0500

  • CVE-2024-13116 - The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disa...
    Published: January 27, 2025; 1:15:23 AM -0500

  • CVE-2024-13117 - The Social Share Buttons for WordPress plugin through 2.7 allows an unauthenticated user to upload arbitrary images and change the path where they are uploaded
    Published: January 27, 2025; 1:15:23 AM -0500

  • CVE-2025-2033 - A vulnerability, which was classified as critical, was found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /user_dashboard/view_donor.php. The manipulation of the argument donor_id leads to sql inje...
    Published: March 06, 2025; 12:15:24 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-2037 - A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /user_dashboard/delete_requester.php. The manipulation of the argument requester_id ...
    Published: March 06, 2025; 2:15:28 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-2038 - A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /upload/. The manipulation leads to exposure of information through directory listin...
    Published: March 06, 2025; 3:15:38 PM -0500

    V3.1: 7.3 HIGH

  • CVE-2025-2039 - A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /admin/delete_members.php. The manipulation of the argument member_id leads to sql injection. It i...
    Published: March 06, 2025; 3:15:38 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2025-2044 - A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_bloodGroup.php. The manipulation of the argument bl...
    Published: March 06, 2025; 5:15:35 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2025-0734 - A vulnerability has been found in y_project RuoYi up to 4.8.0 and classified as critical. This vulnerability affects the function getBeanName of the component Whitelist. The manipulation leads to deserialization. The attack can be initiated remote...
    Published: January 27, 2025; 2:15:19 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2025-2655 - A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. This vulnerability affects the function save_users of the file /classes/Users.php. The manipulation of the argument ID leads to sql in...
    Published: March 23, 2025; 1:15:29 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-4120 - A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been classified as critical. Affected is the function sub_4238E8. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. The ve...
    Published: April 30, 2025; 10:15:31 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-4121 - A vulnerability was found in Netgear JWNR2000v2 1.0.0.11. It has been declared as critical. Affected by this vulnerability is the function cmd_wireless. The manipulation of the argument host leads to command injection. The attack can be launched r...
    Published: April 30, 2025; 10:15:31 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-2656 - A vulnerability classified as critical has been found in PHPGurukul Zoo Management System 2.1. Affected is an unknown function of the file /admin/login.php. The manipulation of the argument Username leads to sql injection. It is possible to launch...
    Published: March 23, 2025; 1:15:29 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-4150 - A vulnerability was found in Netgear EX6200 1.0.3.94. It has been declared as critical. This vulnerability affects the function sub_54340. The manipulation of the argument host leads to buffer overflow. The attack can be initiated remotely. The ve...
    Published: May 01, 2025; 1:15:52 AM -0400

    V3.1: 9.8 CRITICAL

Created September 20, 2022, Updated August 27, 2024