) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.
For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.
Legal Disclaimer:
Here is where you can read the NVD legal disclaimer.
-
CVE-2025-3186 - A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient/invoice.php. The manipulation of the argumen... read CVE-2025-3186
Published: April 03, 2025; 8:15:15 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2025-3195 - A vulnerability, which was classified as critical, has been found in itsourcecode Online Blood Bank Management System 1.0. This issue affects some unknown processing of the file /bbms.php. The manipulation of the argument Search leads to sql injec... read CVE-2025-3195
Published: April 03, 2025; 10:15:18 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2025-3204 - A vulnerability, which was classified as critical, has been found in CodeAstro Car Rental System 1.0. Affected by this issue is some unknown functionality of the file /returncar.php. The manipulation of the argument ID leads to sql injection. The ... read CVE-2025-3204
Published: April 03, 2025; 11:15:14 PM -0400V3.1: 9.8 CRITICAL
-
CVE-2022-45185 - An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution.
Published: January 07, 2025; 3:15:28 PM -0500 -
CVE-2022-45186 - An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database.
Published: January 07, 2025; 3:15:28 PM -0500 -
CVE-2025-2960 - A vulnerability classified as problematic has been found in TRENDnet TEW-637AP and TEW-638APB 1.2.7/1.3.0.106. This affects the function sub_41DED0 of the file /bin/goahead of the component HTTP Request Handler. The manipulation leads to null poin... read CVE-2025-2960
Published: March 30, 2025; 5:15:32 PM -0400 -
CVE-2025-2959 - A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer... read CVE-2025-2959
Published: March 30, 2025; 5:15:31 PM -0400 -
CVE-2025-2954 - A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper acces... read CVE-2025-2954
Published: March 30, 2025; 1:15:19 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2025-2953 - A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service. An attack has to be approached locally. The e... read CVE-2025-2953
Published: March 30, 2025; 12:15:14 PM -0400V3.1: 5.5 MEDIUM
-
CVE-2025-2952 - A vulnerability classified as critical was found in Bluestar Micro Mall 1.0. Affected by this vulnerability is an unknown functionality of the file /api/api.php?mod=upload&type=1. The manipulation of the argument File leads to unrestricted upload.... read CVE-2025-2952
Published: March 30, 2025; 11:15:28 AM -0400V3.1: 9.8 CRITICAL
-
CVE-2024-28732 - An issue was discovered in OFPMatch in parser.py in Faucet SDN Ryu version 4.34, allows remote attackers to cause a denial of service (DoS) (infinite loop).
Published: April 08, 2024; 10:15:07 AM -0400 -
CVE-2024-34483 - OFPGroupDescStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPBucket.len=0.
Published: May 04, 2024; 10:15:06 PM -0400 -
CVE-2024-34484 - OFPBucket in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via action.len=0.
Published: May 04, 2024; 10:15:07 PM -0400 -
CVE-2024-34486 - OFPPacketQueue in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via OFPQueueProp.len=0.
Published: May 04, 2024; 11:15:07 PM -0400 -
CVE-2024-34487 - OFPFlowStats in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via inst.length=0.
Published: May 04, 2024; 11:15:07 PM -0400 -
CVE-2024-34488 - OFPMultipartReply in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via b.length=0.
Published: May 04, 2024; 11:15:07 PM -0400 -
CVE-2024-34489 - OFPHello in parser.py in Faucet SDN Ryu 4.34 allows attackers to cause a denial of service (infinite loop) via length=0.
Published: May 04, 2024; 11:15:07 PM -0400 -
CVE-2024-33763 - lunasvg v2.3.9 was discovered to contain a stack-buffer-underflow at lunasvg/source/layoutcontext.cpp.
Published: April 30, 2024; 11:15:07 PM -0400 -
CVE-2024-33766 - lunasvg v2.3.9 was discovered to contain an FPE (Floating Point Exception) at blend_transformed_tiled_argb.isra.0.
Published: April 30, 2024; 11:15:07 PM -0400 -
CVE-2024-33767 - lunasvg v2.3.9 was discovered to contain a segmentation violation via the component composition_solid_source.
Published: April 30, 2024; 11:15:07 PM -0400