Latest CVE Feed
-
9.8
CRITICALCVE-2016-5687
The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 allows remote attackers to have unspecified impact via a crafted DDS file, which triggers an out-of-bounds read.... Read more
- EPSS Score: %0.80
- Published: Dec. 13, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2015-8391
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demo... Read more
- EPSS Score: %10.02
- Published: Dec. 02, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICAL- EPSS Score: %0.38
- Published: Nov. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2025-24253
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.... Read more
Affected Products : macos- Published: Mar. 31, 2025
- Modified: Apr. 07, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2023-39022
oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument.... Read more
- EPSS Score: %0.11
- Published: Jul. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-36397
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +9 more products- EPSS Score: %3.22
- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29622
An arbitrary file upload vulnerability in formidable v3.1.4 allows attackers to execute arbitrary code via a crafted filename. NOTE: some third parties dispute this issue because the product has common use cases in which uploading arbitrary files is the d... Read more
Affected Products : formidable- EPSS Score: %33.47
- Published: May. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-11800
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.... Read more
- EPSS Score: %47.88
- Published: Oct. 07, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-1000003
Mirror Manager version 0.7.2 and older is vulnerable to remote code execution in the checkin code.... Read more
Affected Products : mirror_manager- EPSS Score: %2.60
- Published: Oct. 07, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2025-6433
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure tr... Read more
- Published: Jun. 24, 2025
- Modified: Jul. 14, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-46762
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malic... Read more
Affected Products : parquet- Published: May. 06, 2025
- Modified: May. 13, 2025
- Vuln Type: Supply Chain
-
9.8
CRITICALCVE-2024-34144
A sandbox bypass vulnerability involving crafted constructor bodies in Jenkins Script Security Plugin 1335.vf07d9ce377a_e and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protecti... Read more
Affected Products : script_security- Published: May. 02, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-35941
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. ... Read more
Affected Products : envoy- EPSS Score: %0.05
- Published: Jul. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-4333
Hardcoded Credentials in multiple SPRECON-E CPU variants of Sprecher Automation allows an remote attacker to take over the device. These accounts should be deactivated according to Sprecher's hardening guidelines.... Read more
- EPSS Score: %0.65
- Published: Jun. 01, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-37300
A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including a... Read more
Affected Products : modicon_m580_bmep584040_firmware modicon_m580_bmep582040_firmware modicon_m580_bmep586040_firmware modicon_m580_bmep585040_firmware modicon_m580_bmep582020_firmware modicon_m580_bmep581020_firmware modicon_m580_bmep584020_firmware modicon_m580_bmep583040_firmware modicon_m580_bmep583020_firmware ecostruxure_control_expert +60 more products- EPSS Score: %0.29
- Published: Sep. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-43529
Thunderbird versions prior to 91.3.0 are vulnerable to the heap overflow described in CVE-2021-43527 when processing S/MIME messages. Thunderbird versions 91.3.0 and later will not call the vulnerable code when processing S/MIME messages that contain cert... Read more
Affected Products : thunderbird- EPSS Score: %0.08
- Published: Feb. 16, 2023
- Modified: Mar. 19, 2025
-
9.8
CRITICALCVE-2020-17368
Firejail through 0.9.62 mishandles shell metacharacters during use of the --output or --output-stderr option, which may lead to command injection.... Read more
- EPSS Score: %4.49
- Published: Aug. 11, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-7653
The Debian python-rdflib-tools 4.2.2-1 package for RDFLib 4.2.2 has CLI tools that can load Python modules from the current working directory, allowing code injection, because "python -m" looks in this directory, as demonstrated by rdf2dot. This issue is ... Read more
- EPSS Score: %0.71
- Published: Feb. 09, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-12896
The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in print-isakmp.c:isakmp_rfc3948_print().... Read more
Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_server_aus tcpdump- EPSS Score: %2.06
- Published: Sep. 14, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2016-9899
Use-after-free while manipulating DOM events and removing audio elements due to errors in the handling of node adoption. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6.... Read more
- EPSS Score: %39.48
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024