NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-46625 | Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is autho... | 2025-05-01 | 8.8 | NETWORK | HIGH | NVD |
| CVE-2025-46569 | Open Policy Agent (OPA) is an open source, general-purpose policy engine. Prior to version 1.4.0, when run as a server, OPA exposes an HTTP Data API f... | 2025-05-01 | 7.4 | NETWORK | HIGH | NVD |
| CVE-2025-4174 | A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some ... | 2025-05-01 | 7.3 | NETWORK | HIGH | NVD |
| CVE-2025-3517 | Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously con... | 2025-05-01 | 6.3 | NETWORK | MEDIUM | NVD |
| CVE-2025-36558 | KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the sso_token used for authentication. If an attacker pr... | 2025-05-01 | 6.1 | NETWORK | MEDIUM | NVD |
| CVE-2025-36521 | MicroDicom DICOM Viewer is vulnerable to an out-of-bounds read which may allow an attacker to cause memory corruption within the application. The user... | 2025-05-01 | 8.8 | NETWORK | HIGH | NVD |
| CVE-2025-35996 | KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API end... | 2025-05-01 | 9.0 | NETWORK | CRITICAL | NVD |
| CVE-2025-35975 | MicroDicom DICOM Viewer is vulnerable to an out-of-bounds write which may allow an attacker to execute arbitrary code. The user must open a malicious ... | 2025-05-01 | 8.8 | NETWORK | HIGH | NVD |
| CVE-2025-32011 | KUNBUS PiCtory versions 2.5.0 through 2.11.1 have an authentication bypass vulnerability where a remote attacker can bypass authentication to get acce... | 2025-05-01 | 9.8 | NETWORK | CRITICAL | NVD |
| CVE-2025-24522 | KUNBUS Revolution Pi OS Bookworm 01/2025 is vulnerable because authentication is not configured by default for the Node-RED server. This can give an u... | 2025-05-01 | 10.0 | NETWORK | CRITICAL | NVD |
| CVE-2025-46568 | Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is ... | 2025-05-01 | 7.7 | NETWORK | HIGH | NVD |
| CVE-2025-46567 | LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` scri... | 2025-05-01 | 6.1 | LOCAL | MEDIUM | NVD |
| CVE-2025-46566 | DataEase is an open-source BI tool alternative to Tableau. Prior to version 2.10.9, authenticated users can complete RCE through the backend JDBC link... | 2025-05-01 | 6.8 | NETWORK | MEDIUM | NVD |
| CVE-2025-46565 | Vite is a frontend tooling framework for javascript. Prior to versions 6.3.4, 6.2.7, 6.1.6, 5.4.19, and 4.5.14, the contents of files in the project r... | 2025-05-01 | 6.0 | NETWORK | MEDIUM | NVD |
| CVE-2025-46345 | Auth0 Account Link Extension is an extension aimed to help link accounts easily. Versions 2.3.4 to 2.6.6 do not verify the signature of the provided J... | 2025-05-01 | 6.9 | NETWORK | MEDIUM | NVD |