Latest CVE Feed
-
9.8
CRITICAL- Actively Exploited
- Published: Jul. 19, 2023
- Modified: Feb. 13, 2025
-
9.8
CRITICALCVE-2022-25765
The package pdfkit from 0.0.0 are vulnerable to Command Injection where the URL is not properly sanitized.... Read more
- Published: Sep. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-47274
In the Linux kernel, the following vulnerability has been resolved: tracing: Correct the length check which causes memory corruption We've suffered from severe kernel crashes due to memory corruption on our production environment, like, Call Trace: [16... Read more
Affected Products : linux_kernel- Published: May. 21, 2024
- Modified: Apr. 04, 2025
-
9.8
CRITICALCVE-2021-33640
After tar_close(), libtar.c releases the memory pointed to by pointer t. After tar_close() is called in the list() function, it continues to use pointer t: free_longlink_longname(t->th_buf) . As a result, the released memory is used (use-after-free).... Read more
- Published: Dec. 19, 2022
- Modified: Apr. 02, 2025
-
9.8
CRITICALCVE-2021-26877
Windows DNS Server Remote Code Execution Vulnerability... Read more
- Published: Mar. 11, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-5687
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.... Read more
- Published: Dec. 13, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2015-8391
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demo... Read more
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICAL- Published: Nov. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2025-24253
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.... Read more
Affected Products : macos- Published: Mar. 31, 2025
- Modified: Apr. 07, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2023-39022
oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument.... Read more
- Published: Jul. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-36397
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +9 more products- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29622
An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the d... Read more
Affected Products : formidable- Published: May. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-1000003
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.... Read more
Affected Products : mirror_manager- Published: Oct. 07, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2025-6433
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure tr... Read more
- Published: Jun. 24, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2024-34144
A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protecti... Read more
Affected Products : script_security- Published: May. 02, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-35941
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. ... Read more
Affected Products : envoy- Published: Jul. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-4333
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.... Read more
- Published: Jun. 01, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-37300
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including a... Read more
Affected Products : modicon_m580_bmep584040_firmware modicon_m580_bmep582040_firmware modicon_m580_bmep586040_firmware modicon_m580_bmep585040_firmware modicon_m580_bmep582020_firmware modicon_m580_bmep581020_firmware modicon_m580_bmep584020_firmware modicon_m580_bmep583040_firmware modicon_m580_bmep583020_firmware ecostruxure_control_expert +60 more products- Published: Sep. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-43529
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain cert... Read more
Affected Products : thunderbird- Published: Feb. 16, 2023
- Modified: Mar. 19, 2025
-
9.8
CRITICALCVE-2020-17368
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.... Read more
- Published: Aug. 11, 2020
- Modified: Nov. 21, 2024