Export limit exceeded: 341935 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341935 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42053 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | 7.8 High |
| Tenda AC1200 Router Model W15Ev2 V15.11.0.10(1576) was discovered to contain a command injection vulnerability via the PortMappingServer parameter in the setPortMapping function. | ||||
| CVE-2022-40846 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | 4.8 Medium |
| In Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) vulnerability exists allowing an attacker to execute JavaScript code via the applications stored hostname. | ||||
| CVE-2025-25763 | 1 Crmeb | 1 Crmeb | 2025-07-07 | 9.8 Critical |
| crmeb CRMEB-KY v5.4.0 and before has a SQL Injection vulnerability at getRead() in /system/SystemDatabackupServices.php | ||||
| CVE-2022-40844 | 1 Tenda | 2 W15e, W15e Firmware | 2025-07-07 | 5.4 Medium |
| In Tenda (Shenzhen Tenda Technology Co., Ltd) AC1200 Router model W15Ev2 V15.11.0.10(1576), a Stored Cross Site Scripting (XSS) issue exists allowing an attacker to execute JavaScript code via the applications website filtering tab, specifically the URL body. | ||||
| CVE-2024-12607 | 1 Dasinfomedia | 1 School Management System | 2025-07-07 | 6.5 Medium |
| The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-12609 | 1 Dasinfomedia | 1 School Management System | 2025-07-07 | 6.5 Medium |
| The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the mj_smgt_view_student_attendance() function. This makes it possible for authenticated attackers, with Student-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2025-40733 | 1 Code-projects | 1 Daily Expense Manager | 2025-07-07 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the username parameter in /login.php. | ||||
| CVE-2024-56518 | 1 Hazelcast | 1 Management Center | 2025-07-07 | 9.8 Critical |
| Hazelcast Management Center through 6.0 allows remote code execution via a JndiLoginModule user.provider.url in a hazelcast-client XML document (aka a client configuration file), which can be uploaded at the /cluster-connections URI. | ||||
| CVE-2025-40734 | 1 Code-projects | 1 Daily Expense Manager | 2025-07-07 | 6.1 Medium |
| Reflected Cross-Site Scripting (XSS) vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to execute JavaScript code by sending a POST request through the password and confirm_password parameters in /register.php. | ||||
| CVE-2024-12610 | 1 Dasinfomedia | 1 School Management System | 2025-07-07 | 5.3 Medium |
| The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for unauthenticated attackers to delete arbitrary posts. | ||||
| CVE-2024-12611 | 1 Dasinfomedia | 1 School Management System | 2025-07-07 | 5.3 Medium |
| The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2025-25929 | 1 Openmrs | 1 Openmrs | 2025-07-07 | 5.4 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the component /legacyui/quickReportServlet of Openmrs 2.4.3 Build 0ff0ed allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload injected into the reportType parameter. | ||||
| CVE-2025-25680 | 1 Lsc | 2 Ptz Dual Band Camera, Ptz Dual Band Camera Firmware | 2025-07-07 | 7.7 High |
| LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 is contains a RCE vulnerability in the tuya_ipc_direct_connect function of the anyka_ipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially crafted QR code is presented to the camera. | ||||
| CVE-2019-0887 | 1 Microsoft | 10 Remote Desktop Client, Windows 10, Windows 11 21h2 and 7 more | 2025-07-07 | 8.0 High |
| A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'. | ||||
| CVE-2021-1669 | 1 Microsoft | 14 Remote Desktop, Remote Desktop Client, Windows 10 and 11 more | 2025-07-07 | 8.8 High |
| Windows Remote Desktop Security Feature Bypass Vulnerability | ||||
| CVE-2021-34535 | 1 Microsoft | 17 Remote Desktop Client, Windows 10, Windows 10 1507 and 14 more | 2025-07-07 | 8.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2021-38665 | 1 Microsoft | 21 Remote Desktop, Remote Desktop Client, Windows 10 and 18 more | 2025-07-07 | 7.4 High |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | ||||
| CVE-2022-22015 | 1 Microsoft | 23 Remote Desktop, Remote Desktop Client, Windows 10 and 20 more | 2025-07-07 | 6.5 Medium |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | ||||
| CVE-2022-22017 | 1 Microsoft | 5 Remote Desktop, Remote Desktop Client, Windows 11 and 2 more | 2025-07-07 | 8.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2022-26940 | 1 Microsoft | 5 Remote Desktop, Remote Desktop Client, Windows 11 and 2 more | 2025-07-07 | 6.5 Medium |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | ||||