Latest CVE Feed
-
9.8
CRITICAL CVE-2025-6161
A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possib...
Affected Products: simple_food_ordering_system simple_food_ordering_system simple_food_ordering_system
- Published: Jun. 17, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Authentication
-
6.5
MEDIUM CVE-2023-28267
Remote Desktop Protocol Client Information Disclosure Vulnerability...
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +8 more products
- Published: Apr. 11, 2023
- Modified: Jul. 07, 2025
-
8.8
HIGH CVE-2023-29362
Remote Desktop Client Remote Code Execution Vulnerability...
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +7 more products
- Published: Jun. 14, 2023
- Modified: Jul. 07, 2025
-
6.5
MEDIUM CVE-2023-29352
Windows Remote Desktop Security Feature Bypass Vulnerability...
- Published: Jun. 14, 2023
- Modified: Jul. 07, 2025
-
8.8
HIGH CVE-2025-26645
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +14 more products
- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
-
5.3
MEDIUM CVE-2023-28290
Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability...
- Published: May. 09, 2023
- Modified: Jul. 07, 2025
-
8.8
HIGH CVE-2024-6040
In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /s...
- Published: Aug. 01, 2024
- Modified: Jul. 07, 2025
-
6.4
MEDIUM CVE-2025-6538
The Post Rating and Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authe...
Affected Products: post_rating_and_review
- Published: Jun. 26, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUM CVE-2025-2040
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special element...
- Published: Mar. 06, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Injection
-
9.0
CRITICAL CVE-2025-26206
Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component...
Affected Products: storefront
- Published: Mar. 03, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUM CVE-2025-26849
There is a Hard-coded Cryptographic Key in Docusnap 13.0.1440.24261, and earlier and later versions. This key can be used to decrypt inventory files that contain sensitive information such as firewall rules.
Affected Products: docusnap
- Published: Mar. 04, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Cryptography
-
6.5
MEDIUM CVE-2025-26320
t0mer BroadlinkManager v5.9.1 was discovered to contain an OS command injection vulnerability via the IP Address parameter at /device/ping.
Affected Products: broadlinkmanager
- Published: Mar. 04, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Injection
-
3.3
LOW CVE-2024-56467
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
- Published: Feb. 06, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUM CVE-2025-32715
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +12 more products
- Published: Jun. 10, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Information Disclosure
-
3.3
LOW CVE-2024-56493
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
- Published: Feb. 27, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Information Disclosure
-
8.0
HIGH CVE-2025-27487
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +13 more products
- Published: Apr. 08, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Memory Corruption
-
3.3
LOW CVE-2025-0900
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to expl...
- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Information Disclosure
-
3.3
LOW CVE-2024-56494
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
- Published: Feb. 27, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Information Disclosure
-
3.3
LOW CVE-2024-56495
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
- Published: Feb. 27, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Information Disclosure
-
3.3
LOW CVE-2024-56496
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
- Published: Feb. 27, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Information Disclosure