Latest CVE Feed
-
9.8
CRITICALCVE-2023-24348
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter.... Read more
- EPSS Score: %2.08
- Published: Feb. 10, 2023
- Modified: Mar. 24, 2025
-
9.8
CRITICALCVE-2023-2096
A vulnerability was found in SourceCodester Vehicle Service Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/service_requests/manage_inventory.php. The manipulation of the argument id leads to s... Read more
- EPSS Score: %0.05
- Published: Apr. 15, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-21263
In OSMMapPMRGeneric of pmr_os.c, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exp... Read more
Affected Products : android- EPSS Score: %0.12
- Published: Dec. 04, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20887
cPanel before 74.0.0 allows SQL injection during database backups (SEC-420).... Read more
Affected Products : cpanel- EPSS Score: %0.26
- Published: Aug. 01, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-11960
Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability when checking backup file in c_upload interface let attacker able to extract malicious file under any location in /tmp, lead to possible RCE and DoS... Read more
- EPSS Score: %0.50
- Published: Jun. 24, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-2146
A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file classes/Master.php. The manipulation of the argument name leads to sql inje... Read more
Affected Products : online_thesis_archiving_system- EPSS Score: %0.05
- Published: Apr. 18, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-25210
Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromSetSysTime function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted payload.... Read more
- EPSS Score: %0.11
- Published: Apr. 07, 2023
- Modified: Feb. 13, 2025
-
9.8
CRITICALCVE-2022-34913
md2roff 1.7 has a stack-based buffer overflow via a Markdown file containing a large number of consecutive characters to be processed. NOTE: the vendor's position is that the product is not intended for untrusted input... Read more
Affected Products : md2roff- EPSS Score: %6.00
- Published: Jul. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-4556
A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical. Affected by this issue is the function mysqli_query of the file sexit.php. The manipulation of the argument id leads to sql injection. The attack may... Read more
Affected Products : online_graduate_tracer_system online_graduate_tracer_system online_graduate_tracer_system- EPSS Score: %0.05
- Published: Aug. 27, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-0895
Static Code Injection in GitHub repository microweber/microweber prior to 1.3.... Read more
- EPSS Score: %1.14
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-25528
NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability m... Read more
- EPSS Score: %0.49
- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-25562
DataHub is an open-source metadata platform. In versions of DataHub prior to 0.8.45 Session cookies are only cleared on new sign-in events and not on logout events. Any authentication checks using the `AuthUtils.hasValidSessionCookie()` method could be by... Read more
Affected Products : datahub- EPSS Score: %0.03
- Published: Feb. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-25589
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise.... Read more
Affected Products : clearpass_policy_manager- EPSS Score: %0.94
- Published: Mar. 22, 2023
- Modified: Feb. 27, 2025
-
9.8
CRITICALCVE-2023-25657
Nautobot is a Network Source of Truth and Network Automation Platform. All users of Nautobot versions earlier than 1.5.7 are impacted by a remote code execution vulnerability. Nautobot did not properly sandbox Jinja2 template rendering. In Nautobot 1.5.7 ... Read more
Affected Products : nautobot- EPSS Score: %1.80
- Published: Feb. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-25718
In ConnectWise Control through 22.9.10032 (formerly known as ScreenConnect), after an executable file is signed, additional instructions can be added without invalidating the signature, such as instructions that result in offering the end user a (differen... Read more
Affected Products : control- EPSS Score: %0.07
- Published: Feb. 13, 2023
- Modified: Jun. 19, 2025
-
9.8
CRITICALCVE-2023-4590
Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers.... Read more
Affected Products : frhed- EPSS Score: %0.42
- Published: Nov. 27, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-23421
All versions of package merge-change are vulnerable to Prototype Pollution via the utils.set function.... Read more
Affected Products : merge-change- EPSS Score: %0.53
- Published: Aug. 11, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-43703
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console.... Read more
Affected Products : zzcms- EPSS Score: %0.86
- Published: Dec. 09, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-46010
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.... Read more
Affected Products : seacms- EPSS Score: %0.28
- Published: Oct. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-26066
Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index.... Read more
Affected Products : cxtpc_firmware cstpc_firmware mxtct_firmware mxtpm_firmware cxtmm_firmware mslsg_firmware mxlsg_firmware mslbd_firmware mxlbd_firmware msngm_firmware +207 more products- EPSS Score: %0.23
- Published: Apr. 10, 2023
- Modified: Feb. 11, 2025