Search

Search Results (363683 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-42053 1 Tenda 2 W15e, W15e Firmware 2025-07-07 7.8 High
Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function.
CVE-2022-40846 1 Tenda 2 W15e, W15e Firmware 2025-07-07 4.8 Medium
In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname.
CVE-2025-25763 1 Crmeb 1 Crmeb 2025-07-07 9.8 Critical
crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDatabackupServices.php
CVE-2022-40844 1 Tenda 2 W15e, W15e Firmware 2025-07-07 5.4 Medium
In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body.
CVE-2025-40733 1 Code-projects 1 Daily Expense Manager 2025-07-07 6.1 Medium
Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php.
CVE-2024-56518 1 Hazelcast 1 Management Center 2025-07-07 9.8 Critical
Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI.
CVE-2025-40734 1 Code-projects 1 Daily Expense Manager 2025-07-07 6.1 Medium
Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirm_password parameters in /register.php.
CVE-2025-25929 1 Openmrs 1 Openmrs 2025-07-07 5.4 Medium
A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the reportType parameter.
CVE-2025-25680 1 Lsc 2 Ptz Dual Band Camera, Ptz Dual Band Camera Firmware 2025-07-07 7.7 High
LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially crafted QR code is presented to the camera.
CVE-2022-26940 1 Microsoft 5 Remote Desktop, Remote Desktop Client, Windows 11 and 2 more 2025-07-07 6.5 Medium
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2019-0887 1 Microsoft 10 Remote Desktop Client, Windows 10, Windows 11 21h2 and 7 more 2025-07-07 8.0 High
A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
CVE-2021-1669 1 Microsoft 14 Remote Desktop, Remote Desktop Client, Windows 10 and 11 more 2025-07-07 8.8 High
Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2021-34535 1 Microsoft 17 Remote Desktop Client, Windows 10, Windows 10 1507 and 14 more 2025-07-07 8.8 High
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2021-38665 1 Microsoft 21 Remote Desktop, Remote Desktop Client, Windows 10 and 18 more 2025-07-07 7.4 High
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2022-22017 1 Microsoft 5 Remote Desktop, Remote Desktop Client, Windows 11 and 2 more 2025-07-07 8.8 High
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2022-22015 1 Microsoft 23 Remote Desktop, Remote Desktop Client, Windows 10 and 20 more 2025-07-07 6.5 Medium
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2024-56810 3 Ibm, Linux, Microsoft 3 Entirex, Linux Kernel, Windows 2025-07-07 3.3 Low
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVE-2024-56811 3 Ibm, Linux, Microsoft 3 Entirex, Linux Kernel, Windows 2025-07-07 3.3 Low
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.
CVE-2025-25928 1 Openmrs 1 Openmrs 2025-07-07 8 High
A Cross-Site Request Forgery (CSRF) in the component /admin/users/user.form of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary operations via a crafted request. In this case, an attacker could elevate a low-privileged account to an administrative role by leveraging the CSRF vulnerability at the /admin/users/user.form endpoint.
CVE-2024-56812 3 Ibm, Linux, Microsoft 3 Entirex, Linux Kernel, Windows 2025-07-07 3.3 Low
IBM EntireX 11.1 could allow a local user to obtain sensitive information when a detailed technical error message is returned. This information could be used in further attacks against the system.