
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity where scored)
  • CVE-2025-66436 - An SSTI (Server-Side Template Injection) vulnerability exists in the get_terms_and_conditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates (terms) using frappe.render_template() with a user-su... read CVE-2025-66436
    Published: December 15, 2025; 1:15:48 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2025-68384 - Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized ... read CVE-2025-68384
    Published: December 18, 2025; 5:16:02 PM -0500

  • CVE-2025-68390 - Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP req... read CVE-2025-68390
    Published: December 18, 2025; 6:15:49 PM -0500

  • CVE-2025-68388 - Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in Packe... read CVE-2025-68388
    Published: December 18, 2025; 5:16:02 PM -0500

  • CVE-2025-68382 - Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encod... read CVE-2025-68382
    Published: December 18, 2025; 5:16:02 PM -0500

  • CVE-2025-14666 - A weakness has been identified in itsourcecode COVID Tracking System 1.0. The affected element is an unknown function of the file /admin/?page=user. This manipulation of the argument Username causes sql injection. The attack is possible to be carr... read CVE-2025-14666
    Published: December 14, 2025; 11:15:37 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-68381 - Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an ... read CVE-2025-68381
    Published: December 18, 2025; 5:16:02 PM -0500

  • CVE-2025-37727 - Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
    Published: October 10, 2025; 6:15:34 AM -0400

  • CVE-2025-66499 - A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacke... read CVE-2025-66499
    Published: December 19, 2025; 2:16:03 AM -0500

  • CVE-2025-66497 - A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memo... read CVE-2025-66497
    Published: December 19, 2025; 2:16:02 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-66498 - A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing U3D data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memo... read CVE-2025-66498
    Published: December 19, 2025; 2:16:02 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-66496 - A memory corruption vulnerability exists in the 3D annotation handling of Foxit PDF Reader due to insufficient bounds checking when parsing PRC data. When opening a PDF file containing malformed or specially crafted PRC content, out-of-bounds memo... read CVE-2025-66496
    Published: December 19, 2025; 2:16:02 AM -0500

    V3.1: 7.8 HIGH

  • CVE-2025-66494 - A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a r... read CVE-2025-66494
    Published: December 19, 2025; 2:16:02 AM -0500

  • CVE-2025-66495 - A use-after-free vulnerability exists in the annotation handling of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows and MacOS. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has already been fr... read CVE-2025-66495
    Published: December 19, 2025; 2:16:02 AM -0500

  • CVE-2025-66493 - A use-after-free vulnerability exists in the AcroForm handling of Foxit PDF Reader and Foxit PDF Editor before 2025.2.1, 14.0.1 and 13.2.1 on Windows. When opening a PDF containing specially crafted JavaScript, a pointer to memory that has alre... read CVE-2025-66493
    Published: December 19, 2025; 2:16:01 AM -0500

  • CVE-2025-13941 - A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileg... read CVE-2025-13941
    Published: December 18, 2025; 9:16:04 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-14667 - A security vulnerability has been detected in itsourcecode COVID Tracking System 1.0. The impacted element is an unknown function of the file /admin/?page=system_info. Such manipulation of the argument meta_value leads to sql injection. The attack... read CVE-2025-14667
    Published: December 14, 2025; 11:15:37 AM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2025-66501 - A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DO... read CVE-2025-66501
    Published: December 19, 2025; 3:15:53 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-66502 - A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Page Templates feature. A crafted payload can be stored as the template name, which is later rendered into the DOM without proper sanitization. As a result,... read CVE-2025-66502
    Published: December 19, 2025; 3:15:53 AM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-66519 - A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” field during layer import and is later rendered into the DOM witho... read CVE-2025-66519
    Published: December 19, 2025; 3:15:53 AM -0500

    V3.1: 5.4 MEDIUM

Created September 20, 2022, Updated August 27, 2024