Latest CVE Feed
-
9.8
CRITICALCVE-2015-8391
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demo... Read more
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICAL- Published: Nov. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2025-24253
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.... Read more
Affected Products : macos- Published: Mar. 31, 2025
- Modified: Apr. 07, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2023-39022
oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument.... Read more
- Published: Jul. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-36397
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +9 more products- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29622
An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the d... Read more
Affected Products : formidable- Published: May. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-1000003
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.... Read more
Affected Products : mirror_manager- Published: Oct. 07, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2025-6433
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure tr... Read more
- Published: Jun. 24, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2024-34144
A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protecti... Read more
Affected Products : script_security- Published: May. 02, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-35941
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. ... Read more
Affected Products : envoy- Published: Jul. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-4333
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.... Read more
- Published: Jun. 01, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-37300
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including a... Read more
Affected Products : modicon_m580_bmep584040_firmware modicon_m580_bmep582040_firmware modicon_m580_bmep586040_firmware modicon_m580_bmep585040_firmware modicon_m580_bmep582020_firmware modicon_m580_bmep581020_firmware modicon_m580_bmep584020_firmware modicon_m580_bmep583040_firmware modicon_m580_bmep583020_firmware ecostruxure_control_expert +60 more products- Published: Sep. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-43529
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain cert... Read more
Affected Products : thunderbird- Published: Feb. 16, 2023
- Modified: Mar. 19, 2025
-
9.8
CRITICALCVE-2020-17368
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.... Read more
- Published: Aug. 11, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-7653
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is ... Read more
- Published: Feb. 09, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-12896
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().... Read more
Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_server_aus tcpdump- Published: Sep. 14, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2016-9899
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2006-4428
PHP remote file inclusion vulnerability in index.php in Jupiter CMS 1.1.5 allows remote attackers to execute arbitrary PHP code via a URL in the template parameter. NOTE: CVE disputes this claim, since the $template variable is defined as a static value ... Read more
Affected Products : jupiter_cms- Published: Aug. 29, 2006
- Modified: Apr. 03, 2025
-
9.8
CRITICALCVE-2006-6024
Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack. ... Read more
Affected Products : eudora_worldmail- Published: Nov. 21, 2006
- Modified: Apr. 09, 2025
-
9.8
CRITICALCVE-2017-20151
A vulnerability classified as problematic was found in iText RUPS. This vulnerability affects unknown code of the file src/main/java/com/itextpdf/rups/model/XfaFile.java. The manipulation leads to xml external entity reference. The patch is identified as ... Read more
Affected Products : rups- Published: Dec. 30, 2022
- Modified: Nov. 21, 2024