Latest CVE Feed
- 8.4 HIGH CVE-2024-49105
Remote Desktop Client Remote Code Execution Vulnerability
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +13 more products
- Published: Dec. 12, 2024
- Modified: Jul. 07, 2025
- 8.5 HIGH CVE-2019-0887
A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_11_21h2 remote_desktop +1 more products
- Published: Jul. 15, 2019
- Modified: Jul. 07, 2025
- 8.8 HIGH CVE-2024-38131
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +12 more products
- Published: Aug. 13, 2024
- Modified: Jul. 07, 2025
- 5.4 MEDIUM CVE-2022-24503
Remote Desktop Protocol Client Information Disclosure Vulnerability
Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +15 more products
- Published: Mar. 09, 2022
- Modified: Jul. 07, 2025
- 7.4 HIGH CVE-2021-38665
Remote Desktop Protocol Client Information Disclosure Vulnerability
Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +11 more products
- Published: Nov. 10, 2021
- Modified: Jul. 07, 2025
- 8.8 HIGH CVE-2021-1669
Windows Remote Desktop Security Feature Bypass Vulnerability
Affected Products: windows_10 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_1507 windows_10_1803 remote_desktop windows_10_1909 +4 more products
- Published: Jan. 12, 2021
- Modified: Jul. 07, 2025
- 6.5 MEDIUM CVE-2022-26940
Remote Desktop Protocol Client Information Disclosure Vulnerability
Affected Products: windows_server_2022 windows_11_21h2 windows_11 remote_desktop remote_desktop_client
- Published: May. 10, 2022
- Modified: Jul. 07, 2025
- 9.3 HIGH CVE-2022-22017
Remote Desktop Client Remote Code Execution Vulnerability
Affected Products: windows_server_2022 windows_11_21h2 windows_11 remote_desktop remote_desktop_client
- Published: May. 10, 2022
- Modified: Jul. 07, 2025
- 4.3 MEDIUM CVE-2025-6069
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service.
Affected Products: python
- Published: Jun. 17, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Denial of Service
- 8.8 HIGH CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a...
Affected Products: business_intelligence weblogic_server identity_manager_connector snapmanager mysql_enterprise_monitor hyperion_data_relationship_management tuxedo business_process_management_suite communications_instant_messaging_server communications_offline_mediation_controller +16 more products
- Published: Jan. 18, 2022
- Modified: Jul. 07, 2025
- 3.3 LOW CVE-2024-56810
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
- Published: Feb. 27, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Information Disclosure
- 3.3 LOW CVE-2024-56811
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
- Published: Feb. 27, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Information Disclosure
- 8.0 HIGH CVE-2025-25928
A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request. In this case, an attacker could elevate a low-privileged account to an admini...
Affected Products: openmrs
- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Cross-Site Request Forgery
- 5.5 MEDIUM CVE-2024-56812
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
- Published: Feb. 27, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Information Disclosure
- 8.8 HIGH CVE-2024-57046
A vulnerability in the Netgear DGN2200 router with firmware version v1.0.0.46 and earlier permits unauthorized individuals to bypass the authentication. When adding "?x=1.gif" to the requested URL, it will be recognized as passing the authentication.
- Published: Feb. 18, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Authentication
- 5.4 MEDIUM CVE-2024-52702
A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter.
Affected Products: mybb
- Published: Nov. 20, 2024
- Modified: Jul. 07, 2025
- 7.5 HIGH CVE-2024-52726
CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information
Affected Products: crmeb
- Published: Nov. 22, 2024
- Modified: Jul. 07, 2025
- 5.5 MEDIUM CVE-2024-5285
The wp-affiliate-platform WordPress plugin before 6.5.2 does not have a CSRF check in place when deleting affiliates, which could allow attackers to make a logged-in user delete them via a CSRF attack.
Affected Products: wp_affiliate_platform
- Published: Jul. 29, 2024
- Modified: Jul. 07, 2025
- 7.5 HIGH CVE-2024-52871
In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting.
Affected Products: flagsmith
- Published: Nov. 17, 2024
- Modified: Jul. 07, 2025
- 7.5 HIGH CVE-2024-52872
In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions.
Affected Products: flagsmith
- Published: Nov. 17, 2024
- Modified: Jul. 07, 2025