NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
|---|---|---|---|---|---|---|
| CVE-2025-51970 | A SQL Injection vulnerability exists in the action.php endpoint of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of ... | 2025-07-29 | 7.7 | LOCAL | HIGH | NVD |
| CVE-2025-50738 | The Memos application, up to version v0.24.3, allows for the embedding of markdown images with arbitrary URLs. When a user views a memo containing suc... | 2025-07-29 | 9.8 | NETWORK | CRITICAL | NVD |
| CVE-2025-46059 | langchain-ai v0.3.51 was discovered to contain an indirect prompt injection vulnerability in the GmailToolkit component. This vulnerability allows att... | 2025-07-29 | 9.8 | NETWORK | CRITICAL | NVD |
| CVE-2025-28172 | Grandstream Networks UCM6510 v1.0.20.52 and before is vulnerable to Improper Restriction of Excessive Authentication Attempts. An attacker can perform... | 2025-07-29 | 6.5 | NETWORK | MEDIUM | NVD |
| CVE-2025-52358 | A cross-site scripting vulnerability in Vivaldi United Group iCONTROL+ Server including Firmware version 4.7.8.0.eden Logic version 5.32 and below. Th... | 2025-07-29 | 6.3 | NETWORK | MEDIUM | NVD |
| CVE-2024-42645 | An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to a Denial of Service (DoS). | 2025-07-29 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2024-42644 | FlashMQ v1.14.0 was discovered to contain an assertion failure in the function PublishCopyFactory::getNewPublish, which occurs when the QoS value of t... | 2025-07-29 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2025-7458 | An integer overflow in the sqlite3KeyInfoFromExprList function in SQLite versions 3.39.2 through 3.41.1 allows an attacker with the ability to execute... | 2025-07-29 | 6.9 | LOCAL | MEDIUM | NVD |
| CVE-2025-6505 | Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vul... | 2025-07-29 | 8.1 | NETWORK | HIGH | NVD |
| CVE-2025-6504 | In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header. Since XFF is a c... | 2025-07-29 | 8.4 | NETWORK | HIGH | NVD |
| CVE-2025-6175 | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting. This issue affects Geo... | 2025-07-29 | 7.2 | NETWORK | HIGH | NVD |
| CVE-2025-6060 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DECE Software Geodi allows Cross-Site Scr... | 2025-07-29 | 5.4 | NETWORK | MEDIUM | NVD |
| CVE-2025-54422 | Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.1 and below, a critical sec... | 2025-07-29 | 5.5 | LOCAL | MEDIUM | NVD |
| CVE-2025-41241 | VMware vCenter contains a denial-of-service vulnerability. A malicious actor who is authenticated through vCenter and has permission to perform API ca... | 2025-07-29 | 4.4 | NETWORK | MEDIUM | NVD |
| CVE-2025-40686 | Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript... | 2025-07-29 | 6.1 | NETWORK | MEDIUM | NVD |