Latest CVE Feed
-
9.8
CRITICALCVE-2024-9070
A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions <=1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is trigg... Read more
Affected Products : bentoml- Published: Mar. 20, 2025
- Modified: Mar. 20, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2023-43198
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function.... Read more
- EPSS Score: %0.70
- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2025-2846
A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. This vulnerability affects the function registration of the file /oews/classes/Users.php?f=registration of the component Registration. The manipulation of the argu... Read more
Affected Products : online_eyewear_shop- Published: Mar. 27, 2025
- Modified: May. 14, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2023-43269
pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability.... Read more
Affected Products : pigcms- EPSS Score: %0.10
- Published: Oct. 05, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2025-24246
An injection issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access user-sensitive data.... Read more
Affected Products : macos- Published: Mar. 31, 2025
- Modified: Apr. 07, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2023-4402
The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows unauthenticated attackers to inject a PHP Object. No P... Read more
- EPSS Score: %2.87
- Published: Oct. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2025-3209
A vulnerability was found in code-projects Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /add_patient.php. The manipulation of the argument itr_no leads to sq... Read more
- Published: Apr. 04, 2025
- Modified: May. 28, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-3309
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/campsdetails.php. The manipulation of the argument hospital leads to sql in... Read more
- Published: Apr. 06, 2025
- Modified: May. 28, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-39596
Weak Authentication vulnerability in Quentn.com GmbH Quentn WP allows Privilege Escalation. This issue affects Quentn WP: from n/a through 1.2.8.... Read more
Affected Products :- Published: Apr. 17, 2025
- Modified: Apr. 17, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2023-41998
Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.... Read more
Affected Products : udp- EPSS Score: %15.29
- Published: Nov. 27, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL- EPSS Score: %2.56
- Published: Nov. 29, 2023
- Modified: Jun. 05, 2025
-
9.8
CRITICALCVE-2025-53766
Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 office windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +10 more products- Published: Aug. 12, 2025
- Modified: Aug. 14, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2016-9841
inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.... Read more
Affected Products : ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation leap active_iq_unified_manager cloud_backup solidfire mysql +30 more products- EPSS Score: %11.87
- Published: May. 23, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2006-4264
Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php an... Read more
Affected Products : mtg_myhomepage_component- EPSS Score: %0.95
- Published: Aug. 21, 2006
- Modified: Apr. 03, 2025
-
9.8
CRITICALCVE-2017-11543
tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.... Read more
- EPSS Score: %13.57
- Published: Jul. 23, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-17721
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.... Read more
Affected Products : beims_contractorweb_.net- EPSS Score: %6.94
- Published: Dec. 18, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-7103
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged con... Read more
- EPSS Score: %4.93
- Published: Oct. 23, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2018-1000120
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.... Read more
- EPSS Score: %1.38
- Published: Mar. 14, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5005
Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 and earlier, Total Security 10.1.0.316 and earlier, and AntiVirus Pro 10.1.0.316 and earlier on OS X allows remote attackers to execute arbitrary code via a crafted LC_UNIXTHREAD.cmdsi... Read more
- EPSS Score: %31.50
- Published: Jan. 02, 2017
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2018-8855
Echelon SmartServer 1 all versions, SmartServer 2 all versions prior to release 4.11.007, i.LON 100 all versions, and i.LON 600 all versions. The devices allow unencrypted Web connections by default, and devices can receive configuration and firmware upda... Read more
- EPSS Score: %0.16
- Published: Jul. 24, 2018
- Modified: Nov. 21, 2024