Total
4901 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49049 | 1 Microsoft | 1 Remote Ssh | 2025-07-08 | 7.1 High |
| Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | ||||
| CVE-2024-49044 | 1 Microsoft | 1 Visual Studio 2022 | 2025-07-08 | 6.7 Medium |
| Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2024-43530 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 2 more | 2025-07-08 | 7.8 High |
| Windows Update Stack Elevation of Privilege Vulnerability | ||||
| CVE-2024-38204 | 1 Microsoft | 1 Azure Functions | 2025-07-08 | 7.5 High |
| Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2024-43590 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-07-08 | 7.8 High |
| Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | ||||
| CVE-2024-43456 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-07-08 | 4.8 Medium |
| Windows Remote Desktop Services Tampering Vulnerability | ||||
| CVE-2024-43503 | 1 Microsoft | 1 Sharepoint Server | 2025-07-08 | 7.8 High |
| Microsoft SharePoint Elevation of Privilege Vulnerability | ||||
| CVE-2024-49105 | 1 Microsoft | 17 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 14 more | 2025-07-07 | 8.4 High |
| Remote Desktop Client Remote Code Execution Vulnerability | ||||
| CVE-2024-20319 | 1 Cisco | 1 Ios Xr | 2025-07-07 | 4.3 Medium |
| A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Plane (SNMP) server of an affected device. This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination address that could be processed by an affected device that is configured with an SNMP server. A successful exploit could allow the attacker to communicate to the device on the configured SNMP ports. Although an unauthenticated attacker could send UDP datagrams to the configured SNMP port, only an authenticated user can retrieve or modify data using SNMP requests. | ||||
| CVE-2025-6837 | 1 Code-projects | 1 Library System | 2025-07-06 | 6.3 Medium |
| A vulnerability classified as critical was found in code-projects Library System 1.0. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-6900 | 1 Code-projects | 1 Library System | 2025-07-06 | 6.3 Medium |
| A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-book.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2012-6068 | 1 3s-software | 1 Codesys Runtime System | 2025-07-02 | 9.8 Critical |
| The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service. | ||||
| CVE-2023-47294 | 1 Ncr | 1 Terminal Handler | 2025-07-02 | 8.1 High |
| An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie. | ||||
| CVE-2025-2955 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2025-07-02 | 5.3 Medium |
| A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/ExportIbmsConfig.sh of the component IBMS Configuration File Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2688 | 1 Totolink | 2 A3000ru, A3000ru Firmware | 2025-07-02 | 4.3 Medium |
| A vulnerability classified as problematic was found in TOTOLINK A3000RU up to 5.9c.5185. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/ExportSyslog.sh of the component Syslog Configuration File Handler. The manipulation leads to improper access controls. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2499 | 1 Devolutions | 1 Remote Desktop Manager | 2025-07-02 | 5.4 Medium |
| Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An authenticated user can exploit this flaw to bypass certain permission restrictions—specifically View Password, Edit Asset, and Edit Permissions by performing specific actions. This issue affects Remote Desktop Manager versions from 2025.1.24 through 2025.1.25, and all versions up to 2024.3.29. | ||||
| CVE-2025-5382 | 1 Devolutions | 1 Devolutions Server | 2025-07-02 | 6.8 Medium |
| Improper access control in users MFA feature in Devolutions Server 2025.1.7.0 and earlier allows a user with user management permission to remove or change administrators MFA. | ||||
| CVE-2025-0691 | 1 Devolutions | 1 Devolutions Server | 2025-07-02 | 5 Medium |
| Improper access control in permissions component in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the "Edit permission" permission by bypassing the client side validation. | ||||
| CVE-2025-3768 | 1 Devolutions | 1 Devolutions Server | 2025-07-02 | 5 Medium |
| Improper access control in Tor network blocking feature in Devolutions Server 2025.1.10.0 and earlier allows an authenticated user to bypass the tor blocking feature when the Devolutions hosted endpoint is not reachable. | ||||
| CVE-2025-5108 | 1 Shopxo | 1 Shopxo | 2025-07-02 | 6.3 Medium |
| A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||