Latest CVE Feed
-
9.8
CRITICALCVE-2022-26143
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic... Read more
- Actively Exploited
- EPSS Score: %64.77
- Published: Mar. 10, 2022
- Modified: Mar. 14, 2025
-
9.8
CRITICALCVE-2021-33806
The BDew BdLib library before 1.16.1.7 for Minecraft allows remote code execution because it deserializes untrusted data in ObjectInputStream.readObject as part of its use of Java serialization.... Read more
Affected Products : bdlib- EPSS Score: %6.86
- Published: Jun. 03, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-24990
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.... Read more
- Actively Exploited
- EPSS Score: %94.25
- Published: Feb. 07, 2023
- Modified: Jul. 30, 2025
-
9.8
CRITICALCVE-2021-33949
An issue in FeMiner WMS v1.1 allows attackers to execute arbitrary code via the filename parameter and the exec function.... Read more
Affected Products : wms- EPSS Score: %0.47
- Published: Feb. 17, 2023
- Modified: Mar. 18, 2025
-
9.8
CRITICALCVE-2021-33757
Windows Security Account Manager Remote Protocol Security Feature Bypass Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +9 more products- EPSS Score: %0.99
- Published: Jul. 14, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23085
A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged pro... Read more
Affected Products : freebsd- EPSS Score: %0.12
- Published: Feb. 15, 2024
- Modified: Dec. 09, 2024
-
9.8
CRITICALCVE-2021-33797
Buffer-overflow in jsdtoa.c in Artifex MuJS in versions 1.0.1 to 1.1.1. An integer overflow happens when js_strtod() reads in floating point exponent, which leads to a buffer overflow in the pointer *d.... Read more
Affected Products : mujs- EPSS Score: %0.10
- Published: Apr. 17, 2023
- Modified: Feb. 06, 2025
-
9.8
CRITICALCVE-2024-51888
Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0.... Read more
Affected Products :- Published: Jan. 21, 2025
- Modified: Jan. 21, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2022-34821
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router... Read more
Affected Products : scalance_s615_firmware simatic_cp_1242-7_v2_firmware simatic_cp_1243-1_firmware simatic_cp_1243-7_lte_eu_firmware simatic_cp_1243-7_lte_us_firmware simatic_cp_1243-8_irc_firmware simatic_cp_1542sp-1_irc_firmware simatic_cp_1543sp-1_firmware siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware siplus_et_200sp_cp_1543sp-1_isec_firmware +50 more products- EPSS Score: %0.50
- Published: Jul. 12, 2022
- Modified: Jan. 14, 2025
-
9.8
CRITICALCVE-2022-21306
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker... Read more
Affected Products : weblogic_server- EPSS Score: %36.54
- Published: Jan. 19, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33635
When malicious images are pulled by isula pull, attackers can execute arbitrary code.... Read more
Affected Products : isula- EPSS Score: %0.15
- Published: Oct. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-51800
Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.This issue affects Homey: from n/a through 2.4.1.... Read more
Affected Products : homey- Published: Apr. 04, 2025
- Modified: Apr. 07, 2025
- Vuln Type: Authorization
-
9.8
CRITICALCVE-2021-33485
CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow.... Read more
- EPSS Score: %0.54
- Published: Aug. 03, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33543
Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated remote access to sensitive files due to default user authentication settings. This can lead to manipulation of the device and denial of service.... Read more
- EPSS Score: %86.98
- Published: Sep. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-0691
Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.... Read more
Affected Products : url-parse- EPSS Score: %0.09
- Published: Feb. 21, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33390
dpic 2021.04.10 has a use-after-free in thedeletestringbox() function in dpic.y. A different vulnerablility than CVE-2021-32421.... Read more
Affected Products : dpic- EPSS Score: %0.21
- Published: Aug. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33352
An issue in Wyomind Help Desk Magento 2 extension v.1.3.6 and before fixed in v.1.3.7 allows attacker to execute arbitrary code via a phar file upload in the ticket message field.... Read more
Affected Products : help_desk- EPSS Score: %0.13
- Published: Mar. 08, 2023
- Modified: Mar. 05, 2025
-
9.8
CRITICALCVE-2021-33357
A vulnerability exists in RaspAP 2.6 to 2.6.5 in the "iface" GET parameter in /ajax/networking/get_netcfg.php, when the "iface" parameter value contains special characters such as ";" which enables an unauthenticated attacker to execute arbitrary OS comma... Read more
Affected Products : raspap- EPSS Score: %91.77
- Published: Jun. 09, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33316
The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability. This vulnerability exists in its lldp related component. Due to lack of proper validation on length field of ChassisID TLV, by sending a cr... Read more
Affected Products : ti-pg1284i_firmware ti-g102i_firmware ti-g160i_firmware ti-g642i_firmware ti-pg102i_firmware ti-pg541i_firmware ti-rp262i_firmware teg-30102ws_firmware tpe-30102ws_firmware ti-pg1284i +8 more products- EPSS Score: %0.64
- Published: May. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22824
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... Read more
- EPSS Score: %0.43
- Published: Jan. 10, 2022
- Modified: May. 05, 2025