Total
32061 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-1669 | 1 Microsoft | 14 Remote Desktop, Remote Desktop Client, Windows 10 and 11 more | 2025-07-07 | 8.8 High |
| Windows Remote Desktop Security Feature Bypass Vulnerability | ||||
| CVE-2024-49105 | 1 Microsoft | 17 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 14 more | 2025-07-07 | 8.4 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2022-41121 | 1 Microsoft | 12 Powershell, Remote Desktop Client, Windows 10 and 9 more | 2025-07-07 | 7.8 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2022-22017 | 1 Microsoft | 3 Remote Desktop Client, Windows 11, Windows Server 2022 | 2025-07-07 | 8.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2021-34535 | 1 Microsoft | 17 Remote Desktop Client, Windows 10, Windows 10 1507 and 14 more | 2025-07-07 | 8.8 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2022-22015 | 1 Microsoft | 10 Remote Desktop Client, Windows 10, Windows 11 and 7 more | 2025-07-07 | 6.5 Medium |
| Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | ||||
| CVE-2022-26940 | 1 Microsoft | 3 Remote Desktop Client, Windows 11, Windows Server 2022 | 2025-07-07 | 6.5 Medium |
| Remote Desktop Protocol Client Information Disclosure Vulnerability | ||||
| CVE-2024-52871 | 1 Flagsmith | 1 Flagsmith | 2025-07-07 | 7.5 High |
| In Flagsmith before 2.134.1, it is possible to bypass the ALLOW_REGISTRATION_WITHOUT_INVITE setting. | ||||
| CVE-2024-52872 | 1 Flagsmith | 1 Flagsmith | 2025-07-07 | 7.5 High |
| In Flagsmith before 2.134.1, the get_document endpoint is not correctly protected by permissions. | ||||
| CVE-2024-48270 | 1 Misstt123 | 1 Oasys | 2025-07-07 | 7.5 High |
| An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack. | ||||
| CVE-2024-1569 | 1 Lollms | 1 Lollms-webui | 2025-07-07 | 7.5 High |
| parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software. | ||||
| CVE-2024-20319 | 1 Cisco | 1 Ios Xr | 2025-07-07 | 4.3 Medium |
| A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination address that could be processed by an affected device that is configured with an SNMP server. A successful exploit could allow the attacker to communicate to the device on the configured SNMP ports. Although an unauthenticated attacker could send UDP datagrams to the configured SNMP port, only an authenticated user can retrieve or modify data using SNMP requests. | ||||
| CVE-2021-40116 | 1 Cisco | 3 Firepower Threat Defense, Secure Firewall Management Center, Snort | 2025-07-07 | 8.6 High |
| Multiple Cisco products are affected by a vulnerability in Snort rules that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.The vulnerability is due to improper handling of the Block with Reset or Interactive Block with Reset actions if a rule is configured without proper constraints. An attacker could exploit this vulnerability by sending a crafted IP packet to the affected device. A successful exploit could allow the attacker to cause through traffic to be dropped. Note: Only products with Snort3 configured and either a rule with Block with Reset or Interactive Block with Reset actions configured are vulnerable. Products configured with Snort2 are not vulnerable. | ||||
| CVE-2024-46702 | 1 Linux | 1 Linux Kernel | 2025-07-07 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if there is another host connected with enabled paths we hang in tearing them down. This is due to fact that the Thunderbolt networking driver also tries to cleanup the paths and ends up blocking in tb_disconnect_xdomain_paths() waiting for the domain lock. However, at this point we already cleaned the paths in tb_stop() so there is really no need for tb_disconnect_xdomain_paths() to do that anymore. Furthermore it already checks if the XDomain is unplugged and bails out early so take advantage of that and mark the XDomain as unplugged when we remove the parent router. | ||||
| CVE-2024-49395 | 3 Mutt, Neomutt, Redhat | 3 Mutt, Neomutt, Enterprise Linux | 2025-07-05 | 5.3 Medium |
| In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. | ||||
| CVE-2024-6237 | 1 Redhat | 3 389 Directory Server, Directory Server, Enterprise Linux | 2025-07-05 | 6.5 Medium |
| A flaw was found in the 389 Directory Server. This flaw allows an unauthenticated user to cause a systematic server crash while sending a specific extended search request, leading to a denial of service. | ||||
| CVE-2024-1019 | 1 Owasp | 1 Modsecurity | 2025-07-03 | 8.6 High |
| ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability. | ||||
| CVE-2024-35122 | 1 Ibm | 1 I | 2025-07-03 | 2.8 Low |
| IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to a file level local denial of service caused by an insufficient authority requirement. A local non-privileged user can configure a referential constraint with the privileges of a user socially engineered to access the target file. | ||||
| CVE-2024-3892 | 1 Progress | 1 Telerik Ui For Winforms | 2025-07-03 | 7.2 High |
| A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system. | ||||
| CVE-2025-5526 | 1 Boonebgorges | 1 Buddypress Docs | 2025-07-03 | 4.3 Medium |
| The BuddyPress Docs WordPress plugin before 2.2.5 lacks proper access controls and allows a logged in user to view and download files belonging to another user | ||||