Latest CVE Feed
- 9.8 CRITICAL CVE-2016-11033
  An issue was discovered on Samsung mobile devices with M(6.0) software. There is a heap-based buffer overflow in tlc_server. The Samsung IDs are SVE-2016-7220 and SVE-2016-7225 (November 2016).
  - Affected Products: android
  - EPSS Score: 0.16%
  - Published: Apr. 07, 2020
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-11028
  An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016).
  - EPSS Score: 0.16%
  - Published: Apr. 07, 2020
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-3942
  Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.
  - Affected Products: laserjet_managed_flow_mfp_e52545c_firmware, pagewide_managed_color_flow_mfp_e58650z_firmware, pagewide_managed_color_flow_mfp_e77660z_firmware, pagewide_pro_577dw_d3q21a_firmware, pagewide_pro_477dn_d3q19a_firmware, pagewide_pro_477dw_d3q20a_firmware, pagewide_377dw_j9v80a_firmware, officejet_pro_6960_j7k33a_firmware, officejet_pro_6960_t0f30a_firmware, officejet_pro_6960_t0f32a_firmware, +5390 more products
  - EPSS Score: 4.43%
  - Published: Dec. 12, 2022
  - Modified: Apr. 25, 2025
- 9.8 CRITICAL CVE-2016-11020
  Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png. This can lead to XSS and remote code execution.
  - Affected Products: kunena
  - EPSS Score: 3.39%
  - Published: Feb. 25, 2020
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-11000
  The wp-ultimate-exporter plugin through 1.1 for WordPress has SQL injection via the export_type_name parameter.
  - Affected Products: ultimate_exporter
  - EPSS Score: 0.55%
  - Published: Sep. 20, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-11018
  An issue was discovered in the Huge-IT gallery-images plugin before 1.9.0 for WordPress. The headers Client-Ip and X-Forwarded-For are prone to unauthenticated SQL injection. The affected file is gallery-images.php. The affected function is huge_it_image_...
  - Affected Products: image_gallery
  - EPSS Score: 1.14%
  - Published: Jan. 21, 2020
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-15017
  A vulnerability has been found in fabarea media_upload on TYPO3 and classified as critical. This vulnerability affects the function getUploadedFileList of the file Classes/Service/UploadFileService.php. The manipulation leads to pathname traversal. Upgrad...
  - Affected Products: media_upload
  - EPSS Score: 0.09%
  - Published: Jan. 10, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-10995
  The Tevolution plugin before 2.3.0 for WordPress has arbitrary file upload via single_upload.php or single-upload.php.
  - Affected Products: telvolution
  - EPSS Score: 0.84%
  - Published: Sep. 18, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-3773
  A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks.
  - EPSS Score: 0.48%
  - Published: Feb. 16, 2022
  - Modified: Mar. 28, 2025
- 9.8 CRITICAL CVE-2016-10972
  The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.
  - Affected Products: newspaper
  - EPSS Score: 4.32%
  - Published: Sep. 16, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-3520
  There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The gre...
  - EPSS Score: 0.13%
  - Published: Jun. 02, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2024-39349
  A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vecto...
  - Published: Jun. 28, 2024
  - Modified: Apr. 10, 2025
- 9.8 CRITICAL CVE-2016-10954
  The Neosense theme before 1.8 for WordPress has qquploader unrestricted file upload.
  - Affected Products: neosense
  - EPSS Score: 0.84%
  - Published: Sep. 13, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-10955
  The cysteme-finder plugin before 1.4 for WordPress has unrestricted file upload because of incorrect session tracking.
  - Affected Products: cysteme-finder
  - EPSS Score: 0.84%
  - Published: Sep. 13, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-10942
  The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has SQL injection via the insert_id parameter exploitable via CSRF.
  - Affected Products: podlove_podcast_publisher
  - EPSS Score: 0.98%
  - Published: Sep. 13, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-34578
  This vulnerability allows an attacker who has access to the WBM to read and write settings-parameters of the device by sending specifically constructed requests without authentication on multiple WAGO PLCs in firmware versions up to FW07.
  - EPSS Score: 0.34%
  - Published: Aug. 31, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-10921
  The gallery-photo-gallery plugin before 1.0.1 for WordPress has SQL injection.
  - Affected Products: photo_gallery
  - EPSS Score: 0.55%
  - Published: Aug. 22, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-33574
  The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a de...
  - Affected Products: fedora, debian_linux, solidfire_baseboard_management_controller_firmware, cloud_backup, e-series_santricity_os_controller, h300s_firmware, h500s_firmware, h700s_firmware, h410s_firmware, glibc, +10 more products
  - EPSS Score: 0.13%
  - Published: May. 25, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-33204
  In the pg_partman (aka PG Partition Manager) extension before 4.5.1 for PostgreSQL, arbitrary code execution can be achieved via SECURITY DEFINER functions because an explicit search_path is not set.
  - Affected Products: pg_partman
  - EPSS Score: 1.05%
  - Published: May. 19, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-10916
  The appointment-booking-calendar plugin before 1.1.24 for WordPress has SQL injection, a different vulnerability than CVE-2015-7319.
  - Affected Products: appointment_booking_calendar
  - EPSS Score: 0.51%
  - Published: Aug. 22, 2019
  - Modified: Nov. 21, 2024