Latest CVE Feed
-
5.3
MEDIUM CVE-2024-12611
The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. This makes i...
Affected Products: school_management_system
- Published: Mar. 07, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Cross-Site Scripting
-
5.4
MEDIUM CVE-2025-25929
A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the re...
Affected Products: openmrs
- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Cross-Site Scripting
-
7.7
HIGH CVE-2025-25680
LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 contains an RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially cra...
- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Authentication
-
7.8
HIGH CVE-2022-41121
Windows Graphics Component Elevation of Privilege Vulnerability
Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +16 more products
- Published: Dec. 13, 2022
- Modified: Jul. 07, 2025
-
6.5
MEDIUM CVE-2022-22015
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +15 more products
- Published: May. 10, 2022
- Modified: Jul. 07, 2025
-
8.8
HIGH CVE-2021-34535
Remote Desktop Client Remote Code Execution Vulnerability
Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +8 more products
- Published: Aug. 12, 2021
- Modified: Jul. 07, 2025
-
8.4
HIGH CVE-2024-49105
Remote Desktop Client Remote Code Execution Vulnerability
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +13 more products
- Published: Dec. 12, 2024
- Modified: Jul. 07, 2025
-
8.5
HIGH CVE-2019-0887
A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_11_21h2 remote_desktop +1 more products
- Published: Jul. 15, 2019
- Modified: Jul. 07, 2025
-
8.8
HIGH CVE-2024-38131
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +12 more products
- Published: Aug. 13, 2024
- Modified: Jul. 07, 2025
-
5.4
MEDIUM CVE-2022-24503
Remote Desktop Protocol Client Information Disclosure Vulnerability
Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +15 more products
- Published: Mar. 09, 2022
- Modified: Jul. 07, 2025
-
7.4
HIGH CVE-2021-38665
Remote Desktop Protocol Client Information Disclosure Vulnerability
Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +11 more products
- Published: Nov. 10, 2021
- Modified: Jul. 07, 2025
-
8.8
HIGH CVE-2021-1669
Windows Remote Desktop Security Feature Bypass Vulnerability
Affected Products: windows_10 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_1507 windows_10_1803 remote_desktop windows_10_1909 +4 more products
- Published: Jan. 12, 2021
- Modified: Jul. 07, 2025
-
6.5
MEDIUM CVE-2022-26940
Remote Desktop Protocol Client Information Disclosure Vulnerability
Affected Products: windows_server_2022 windows_11_21h2 windows_11 remote_desktop remote_desktop_client
- Published: May. 10, 2022
- Modified: Jul. 07, 2025
-
9.3
HIGH CVE-2022-22017
Remote Desktop Client Remote Code Execution Vulnerability
Affected Products: windows_server_2022 windows_11_21h2 windows_11 remote_desktop remote_desktop_client
- Published: May. 10, 2022
- Modified: Jul. 07, 2025
-
4.3
MEDIUM CVE-2025-6069
The html.parser.HTMLParser class had worst-case quadratic complexity when processing certain crafted malformed inputs, potentially leading to amplified denial-of-service.
Affected Products: python
- Published: Jun. 17, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Denial of Service
-
8.8
HIGH CVE-2022-23302
JMSSink in all versions of Log4j 1.x is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration or if the configuration references an LDAP service the attacker has access to. The attacker can provide a...
Affected Products: business_intelligence weblogic_server identity_manager_connector snapmanager mysql_enterprise_monitor hyperion_data_relationship_management tuxedo business_process_management_suite communications_instant_messaging_server communications_offline_mediation_controller +16 more products
- Published: Jan. 18, 2022
- Modified: Jul. 07, 2025
-
3.3
LOW CVE-2024-56810
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
- Published: Feb. 27, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Information Disclosure
-
3.3
LOW CVE-2024-56811
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
- Published: Feb. 27, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Information Disclosure
-
8.0
HIGH CVE-2025-25928
A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request. In this case, an attacker could elevate a low-privileged account to an admini...
Affected Products: openmrs
- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.5
MEDIUM CVE-2024-56812
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
- Published: Feb. 27, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Information Disclosure