The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-11188 - The Kiwire Captive Portal contains a blind SQL injection in the nas-id parameter, allowing for SQL commands to be issued and to compromise the corresponding database.
    Published: October 10, 2025; 7:15:40 AM -0400

  • CVE-2025-10988 - A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is ... read CVE-2025-10988
    Published: September 25, 2025; 9:15:36 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-10987 - A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes im... read CVE-2025-10987
    Published: September 25, 2025; 8:15:37 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-20338 - A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker with administrative privileges to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability i... read CVE-2025-20338
    Published: September 24, 2025; 2:15:36 PM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2025-26399 - SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch... read CVE-2025-26399
    Published: September 23, 2025; 1:15:35 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-10387 - A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machine_name/computer_user/os/date/time/ip/location/systemid/passwo... read CVE-2025-10387
    Published: September 13, 2025; 11:15:30 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2024-28988 - SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after ... read CVE-2024-28988
    Published: September 01, 2025; 6:15:30 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-9647 - A weakness has been identified in mtons mblog up to 3.5.0. This issue affects some unknown processing of the file /admin/role/list. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The explo... read CVE-2025-9647
    Published: August 29, 2025; 9:15:39 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-21605 - Redis is an open source, in-memory database that persists on disk. In versions starting at 2.6 and prior to 7.4.3, an unauthenticated client can cause unlimited growth of output buffers, until the server runs out of memory or is killed. By default... read CVE-2025-21605
    Published: April 23, 2025; 12:15:34 PM -0400

  • CVE-2025-9800 - A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipul... read CVE-2025-9800
    Published: September 01, 2025; 7:15:29 PM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-9801 - A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is pos... read CVE-2025-9801
    Published: September 01, 2025; 7:15:29 PM -0400

    V3.1: 8.1 HIGH

  • CVE-2025-9805 - A vulnerability was found in SimStudioAI sim up to 51b1e97fa22c48d144aef75f8ca31a74ad2cfed2. This issue affects some unknown processing of the file apps/sim/app/api/proxy/image/route.ts. The manipulation results in server-side request forgery. The... read CVE-2025-9805
    Published: September 01, 2025; 9:15:30 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-10096 - A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack ... read CVE-2025-10096
    Published: September 08, 2025; 12:15:35 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-23144 - A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk AutoCAD, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, ... read CVE-2024-23144
    Published: June 24, 2024; 10:15:11 PM -0400

    V3.1: 7.8 HIGH

  • CVE-2025-10275 - A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be la... read CVE-2025-10275
    Published: September 11, 2025; 10:15:40 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-10276 - A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remot... read CVE-2025-10276
    Published: September 11, 2025; 11:15:41 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-10277 - A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remo... read CVE-2025-10277
    Published: September 11, 2025; 11:15:41 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2022-49938 - In the Linux kernel, the following vulnerability has been resolved: cifs: fix small mempool leak in SMB2_negotiate() In some cases of failure (dialect mismatches) in SMB2_negotiate(), after the request is sent, the checks would return -EIO when ... read CVE-2022-49938
    Published: June 18, 2025; 7:15:20 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-49937 - In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usb_control_msg_*() routines Automatic kernel fuzzing led to a WARN about invalid pipe direction in the mceusb driver: ------------[ cut here ]----------... read CVE-2022-49937
    Published: June 18, 2025; 7:15:20 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2022-49936 - In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNIN... read CVE-2022-49936
    Published: June 18, 2025; 7:15:20 AM -0400

    V3.1: 5.5 MEDIUM

Created September 20, 2022, Updated August 27, 2024