Latest CVE Feed
-
6.1
MEDIUMCVE-2024-23031
Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.... Read more
Affected Products : eyoucms- Published: Feb. 01, 2024
- Modified: Jun. 04, 2025
-
5.4
MEDIUMCVE-2022-37137
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during replying the ticket. The XSS can be obtain from injecting under "Message" field with "description" parameter with the specially crafted payload to gain Stored XSS. The XSS then will pr... Read more
Affected Products : paymoney- Published: Sep. 14, 2022
- Modified: Jun. 04, 2025
-
7.8
HIGHCVE-2022-34707
Windows Kernel Elevation of Privilege Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +12 more products- Published: Aug. 09, 2022
- Modified: Jun. 04, 2025
-
7.8
HIGHCVE-2022-34706
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +12 more products- Published: Aug. 09, 2022
- Modified: Jun. 04, 2025
-
7.8
HIGHCVE-2022-34705
Windows Defender Credential Guard Elevation of Privilege Vulnerability... Read more
Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_server_2022 windows_11_21h2 windows_11 windows +2 more products- Published: Aug. 09, 2022
- Modified: Jun. 04, 2025
-
7.8
HIGHCVE-2022-34703
Windows Partition Management Driver Elevation of Privilege Vulnerability... Read more
Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_server_2022 windows_11_21h2 windows_11 +4 more products- Published: Aug. 09, 2022
- Modified: Jun. 04, 2025
-
8.1
HIGHCVE-2022-34702
Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +12 more products- Published: Aug. 09, 2022
- Modified: Jun. 04, 2025
-
7.5
HIGHCVE-2022-34701
Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +12 more products- Published: Aug. 09, 2022
- Modified: Jun. 04, 2025
-
7.5
HIGHCVE-2014-1745
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFa... Read more
Affected Products : chrome- Published: May. 21, 2014
- Modified: Jun. 04, 2025
-
9.3
HIGHCVE-2011-2016
Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current w... Read more
- Published: Nov. 08, 2011
- Modified: Jun. 04, 2025
-
7.5
HIGHCVE-2024-13254
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1.... Read more
Affected Products : rest_views- Published: Jan. 09, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Information Disclosure
-
5.4
MEDIUMCVE-2024-13252
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS).This issue affects TacJS: from 0.0.0 before 6.5.0.... Read more
Affected Products : tacjs- Published: Jan. 09, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-4887
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launc... Read more
Affected Products : online_student_clearance_system- Published: May. 18, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Cross-Site Request Forgery
-
9.8
CRITICALCVE-2025-4886
A vulnerability classified as critical was found in itsourcecode Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/product_update.php. The manipulation of the argument serial leads to sql injecti... Read more
Affected Products : sales_and_inventory_system- Published: May. 18, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-4813
A vulnerability, which was classified as critical, was found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. Affected is an unknown function of the file /edit-phlebotomist.php. The manipulation of the argument mobilenumber leads to sql ... Read more
- Published: May. 16, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-4812
A vulnerability, which was classified as critical, has been found in PHPGurukul Human Metapneumovirus Testing Management System 1.0. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument mobilenumber leads t... Read more
- Published: May. 16, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-4811
A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Login. The manipulation of the argument Username leads to sq... Read more
Affected Products : pharmacy_management_system- Published: May. 16, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Injection
-
9.1
CRITICALCVE-2024-13253
Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing.This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0.... Read more
Affected Products : advanced_pwa_inc_push_notifications- Published: Jan. 09, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2024-13251
Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation.This issue affects Registration role: from 0.0.0 before 2.0.1.... Read more
Affected Products : registration_role- Published: Jan. 09, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2025-2676
A vulnerability, which was classified as critical, was found in PHPGurukul Bank Locker Management System 1.0. This affects an unknown part of the file /add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. It is possibl... Read more
- Published: Mar. 24, 2025
- Modified: Jun. 04, 2025
- Vuln Type: Injection