Latest CVE Feed
-
9.8
CRITICALCVE-2025-4906
A vulnerability was found in PHPGurukul Notice Board System 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the att... Read more
- Published: May. 19, 2025
- Modified: May. 21, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2018-14357
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command associated with an automatic subscription.... Read more
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7912
Hanwha Techwin SRN-4000, SRN-4000 firmware versions prior to SRN4000_v2.16_170401, A specially crafted http request and response could allow an attacker to gain access to the device management page with admin privileges without proper authentication.... Read more
- Published: Apr. 08, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-18342
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.... Read more
- Published: Jun. 27, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-10074
The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail add... Read more
Affected Products : swiftmailer- Published: Dec. 30, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2014-4678
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4657.... Read more
- Published: Feb. 20, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2025-27836
An issue was discovered in Artifex Ghostscript before 10.05.0. The BJ10V device has a Print buffer overflow in contrib/japanese/gdev10v.c.... Read more
Affected Products : ghostscript- Published: Mar. 25, 2025
- Modified: Apr. 01, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2024-8695
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.... Read more
Affected Products : desktop- Published: Sep. 12, 2024
- Modified: Sep. 13, 2024
-
9.8
CRITICALCVE-2024-0057
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 .net_framework windows_server_2019 visual_studio_2019 visual_studio windows_10_1607 windows_10_1809 windows_10_21h2 +10 more products- Published: Jan. 09, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL- Actively Exploited
- Published: Jul. 19, 2023
- Modified: Feb. 13, 2025
-
9.8
CRITICALCVE-2022-25765
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.... Read more
- Published: Sep. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-47274
In the Linux kernel, the following vulnerability has been resolved: tracing: Correct the length check which causes memory corruption We've suffered from severe kernel crashes due to memory corruption on our production environment, like, Call Trace: [16... Read more
Affected Products : linux_kernel- Published: May. 21, 2024
- Modified: Apr. 04, 2025
-
9.8
CRITICALCVE-2021-33640
After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).... Read more
- Published: Dec. 19, 2022
- Modified: Apr. 02, 2025
-
9.8
CRITICALCVE-2021-26877
Windows DNS Server Remote Code Execution Vulnerability... Read more
- Published: Mar. 11, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-5687
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.... Read more
- Published: Dec. 13, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2015-8391
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demo... Read more
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICAL- Published: Nov. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2025-24253
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.... Read more
Affected Products : macos- Published: Mar. 31, 2025
- Modified: Apr. 07, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2023-39022
oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument.... Read more
- Published: Jul. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-36397
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +9 more products- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024