Total
306408 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27332 | 1 Pdf-xchange | 2 Pdf-tools, Pdf-xchange Editor | 2025-07-07 | N/A | 3.3 LOW |
| PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22288. | |||||
| CVE-2024-39003 | 1 Amoyjs | 1 Common | 2025-07-07 | N/A | 7.3 HIGH |
| amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function setValue. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39002 | 1 Richardrodger | 1 Jsonic | 2025-07-07 | N/A | 6.3 MEDIUM |
| rjrodger jsonic-next v2.12.1 was discovered to contain a prototype pollution via the function util.clone. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-39000 | 1 Swiperjs | 1 Swiper | 2025-07-07 | N/A | 6.5 MEDIUM |
| adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function parse. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2024-38997 | 1 Swiperjs | 1 Swiper | 2025-07-07 | N/A | 6.5 MEDIUM |
| adolph_dudu ratio-swiper v0.0.2 was discovered to contain a prototype pollution via the function extendDefaults. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2012-5972 | 1 Specview | 1 Specview | 2025-07-07 | 2.6 LOW | N/A |
| Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... (dot dot dot) in a URI. | |||||
| CVE-2024-38994 | 1 Amoyjs | 1 Common | 2025-07-07 | N/A | 7.3 HIGH |
| amoyjs amoy common v1.0.10 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | |||||
| CVE-2025-40732 | 1 Code-projects | 1 Daily Expense Manager | 2025-07-07 | N/A | 7.5 HIGH |
| user enumeration vulnerability in Daily Expense Manager v1.0. To exploit this vulnerability a POST request must be sent using the name parameter in /check.php | |||||
| CVE-2025-40731 | 1 Code-projects | 1 Daily Expense Manager | 2025-07-07 | N/A | 9.8 CRITICAL |
| SQL injection vulnerability in Daily Expense Manager v1.0. This vulnerability allows an attacker to retrieve, create, update and delete databases through the pname, pprice and id parameters in /update.php. | |||||
| CVE-2025-21191 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-07 | N/A | 7.0 HIGH |
| Time-of-check time-of-use (toctou) race condition in Windows Local Security Authority (LSA) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-6487 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-07-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been rated as critical. This issue affects the function formRoute of the file /boafrm/formRoute. The manipulation of the argument subnet leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-47253 | 1 Qualitor | 1 Qualitor | 2025-07-07 | N/A | 9.8 CRITICAL |
| Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter. | |||||
| CVE-2025-6486 | 1 Totolink | 2 A3002r, A3002r Firmware | 2025-07-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in TOTOLINK A3002R 1.1.1-B20200824.0128. It has been declared as critical. This vulnerability affects the function formWlanMultipleAP of the file /boafrm/formWlanMultipleAP. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6123 | 1 Carmelogarcia | 1 Restaurant Order System | 2025-07-07 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in code-projects Restaurant Order System 1.0 and classified as critical. This vulnerability affects unknown code of the file /payment.php. The manipulation of the argument tabidNoti leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-6161 | 1 Fabianros | 1 Simple Food Ordering System | 2025-07-07 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-28267 | 1 Microsoft | 14 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 11 more | 2025-07-07 | N/A | 6.5 MEDIUM |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | |||||
| CVE-2023-29362 | 1 Microsoft | 13 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 10 more | 2025-07-07 | N/A | 8.8 HIGH |
| Remote Desktop Client Remote Code Execution Vulnerability | |||||
| CVE-2023-29352 | 1 Microsoft | 8 Remote Desktop Client, Windows 10 1809, Windows 10 21h2 and 5 more | 2025-07-07 | N/A | 6.5 MEDIUM |
| Windows Remote Desktop Security Feature Bypass Vulnerability | |||||
| CVE-2025-26645 | 1 Microsoft | 16 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 13 more | 2025-07-07 | N/A | 8.8 HIGH |
| Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | |||||
| CVE-2023-28290 | 1 Microsoft | 1 Remote Desktop App | 2025-07-07 | N/A | 5.3 MEDIUM |
| Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability | |||||