Latest CVE Feed
-
9.8
CRITICALCVE-2018-8786
FreeRDP prior to version 2.0.0-rc4 contains an Integer Truncation that leads to a Heap-Based Buffer Overflow in function update_read_bitmap_update() and results in a memory corruption and probably even a remote code execution.... Read more
- Published: Nov. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-4945
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file view_parcel.php. The manipulation of the argument id leads to unrestricted upload. It is pos... Read more
- Published: May. 16, 2024
- Modified: Feb. 10, 2025
-
9.8
CRITICALCVE-2024-4915
A vulnerability, which was classified as critical, was found in Campcodes Online Examination System 1.0. Affected is an unknown function of the file result.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attac... Read more
Affected Products : online_examination_system- Published: May. 15, 2024
- Modified: Feb. 21, 2025
-
9.8
CRITICALCVE-2024-4928
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=delete_category. The manipula... Read more
Affected Products : simple_online_bidding_system- Published: May. 16, 2024
- Modified: Dec. 09, 2024
-
9.8
CRITICALCVE-2024-4917
A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file submitAnswerExe.php. The manipulation of the argument exmne_id leads to sql injection. The at... Read more
Affected Products : online_examination_system- Published: May. 15, 2024
- Modified: Feb. 21, 2025
-
9.8
CRITICALCVE-2024-4884
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.... Read more
Affected Products : whatsup_gold- Published: Jun. 25, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7761
A vulnerability exists in the HTTP request parser in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200 which could allow arbitrary code execution.... Read more
Affected Products : 140cpu65150_firmware 140cpu65160_firmware bmxnor0200h_firmware modicon_m340_bmxp341000_firmware modicon_m340_bmxp342020_firmware modicon_m340_bmxp342000_firmware modicon_m340_bmxp3420102_firmware modicon_m340_bmxp342020h_firmware modicon_m340_bmxp3420302_firmware modicon_m340_bmxp3420302h_firmware +104 more products- Published: Apr. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7753
An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that have URI values weren't properly sanitized if the values contained character entities. Using character entities, it was possible to construct a URI value with a scheme that was not allo... Read more
Affected Products : bleach- Published: Mar. 07, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7750
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is complet... Read more
- Published: Mar. 13, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-35619
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main.... Read more
- Published: Aug. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-4825
A vulnerability has been discovered in Agentejo Cockpit CMS v0.5.5 that consists in an arbitrary file upload in ‘/media/api’ parameter via post request. An attacker could upload files to the server, compromising the entire infrastructure.... Read more
Affected Products : cockpit- Published: May. 14, 2024
- Modified: Jun. 27, 2025
-
9.8
CRITICALCVE-2018-5183
Mozilla developers backported selected changes in the Skia library. These changes correct memory corruption issues including invalid buffer reads and writes during graphic operations. This vulnerability affects Thunderbird ESR < 52.8, Thunderbird < 52.8, ... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5154
A use-after-free vulnerability can occur while enumerating attributes during SVG animations with clip paths. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +2 more products- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5150
Memory safety bugs were reported in Firefox 59, Firefox ESR 52.7, and Thunderbird 52.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulner... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +2 more products- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5104
A use-after-free vulnerability can occur during font face manipulation when a font face is freed while still in use, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58.... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-5099
A use-after-free vulnerability can occur when the widget listener is holding strong references to browser objects that have previously been freed, resulting in a potentially exploitable crash when these references are used. This vulnerability affects Thun... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-4353
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.... Read more
Affected Products : mac_os_x- Published: Apr. 03, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-35620
D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main.... Read more
- Published: Aug. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-4778
Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126.... Read more
Affected Products : firefox- Published: May. 14, 2024
- Modified: Apr. 04, 2025
-
9.8
CRITICALCVE-2018-3201
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access... Read more
Affected Products : weblogic_server- Published: Oct. 17, 2018
- Modified: Nov. 21, 2024