Latest CVE Feed
-
6.5
MEDIUM CVE-2024-39000
adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
- Affected Products: swiper
- Published: Jul. 01, 2024
- Modified: Jul. 07, 2025
-
6.5
MEDIUM CVE-2024-38997
adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
- Affected Products: swiper
- Published: Jul. 01, 2024
- Modified: Jul. 07, 2025
-
5.0
MEDIUM CVE-2012-5972
Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI.
- Affected Products: specview
- Published: Jan. 17, 2013
- Modified: Jul. 07, 2025
-
7.3
HIGH CVE-2024-38994
amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
- Affected Products: common
- Published: Jul. 01, 2024
- Modified: Jul. 07, 2025
-
8.7
HIGH CVE-2025-40732
User enumeration vulnerability in Daily Expense Manager v1.0. To exploit this vulnerability a POST request must be sent using the name parameter in /check.php.
- Affected Products: daily_expense_manager
- Published: Jun. 30, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Authentication
-
9.8
CRITICAL CVE-2025-40731
SQL injection vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pname, pprice and id parameters in /update.php.
- Affected Products: daily_expense_manager
- Published: Jun. 30, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Injection
-
7.0
HIGH CVE-2025-21191
Time-of-check time-of-use (TOCTOU) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally.
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +10 more products
- Published: Apr. 08, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Race Condition
-
9.0
HIGH CVE-2025-6487
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The at...
- Published: Jun. 22, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICAL CVE-2023-47253
Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.
- Published: Nov. 06, 2023
- Modified: Jul. 07, 2025
-
9.0
HIGH CVE-2025-6486
A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to st...
- Published: Jun. 22, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICAL CVE-2025-6123
A vulnerability has been found in code-projects Restaurant Order System 1.0 and classified as critical. This vulnerability affects unknown code of the file /payment.php. The manipulation of the argument tabidNoti leads to SQL injection. The attack can be ...
- Published: Jun. 16, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Injection
-
9.8
CRITICAL CVE-2025-6161
A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possib...
- Affected Products: simple_food_ordering_system simple_food_ordering_system simple_food_ordering_system
- Published: Jun. 17, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Authentication
-
6.5
MEDIUM CVE-2023-28267
Remote Desktop Protocol Client Information Disclosure Vulnerability
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +8 more products
- Published: Apr. 11, 2023
- Modified: Jul. 07, 2025
-
8.8
HIGH CVE-2023-29362
Remote Desktop Client Remote Code Execution Vulnerability
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +7 more products
- Published: Jun. 14, 2023
- Modified: Jul. 07, 2025
-
6.5
MEDIUM CVE-2023-29352
Windows Remote Desktop Security Feature Bypass Vulnerability
- Published: Jun. 14, 2023
- Modified: Jul. 07, 2025
-
8.8
HIGH CVE-2025-26645
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_22h2 +14 more products
- Published: Mar. 11, 2025
- Modified: Jul. 07, 2025
-
5.3
MEDIUM CVE-2023-28290
Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability
- Published: May. 09, 2023
- Modified: Jul. 07, 2025
-
8.8
HIGH CVE-2024-6040
In parisneo/lollms-webui version v9.8, the lollms_binding_infos is missing the client_id parameter, which leads to multiple security vulnerabilities. Specifically, the endpoints /reload_binding, /install_binding, /reinstall_binding, /unInstall_binding, /s...
- Published: Aug. 01, 2024
- Modified: Jul. 07, 2025
-
6.4
MEDIUM CVE-2025-6538
The Post Rating and Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authe...
- Affected Products: post_rating_and_review
- Published: Jun. 26, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUM CVE-2025-2040
A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special element...
- Published: Mar. 06, 2025
- Modified: Jul. 07, 2025
- Vuln Type: Injection