Latest CVE Feed
-
9.8 CRITICAL
CVE-2023-38406
bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a "flowspec overflow."
- Affected Products: frrouting
- EPSS Score: 0.12%
- Published: Nov. 06, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-35365
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +6 more products
- EPSS Score: 2.31%
- Published: Jul. 11, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-32057
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +6 more products
- EPSS Score: 2.52%
- Published: Jul. 11, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-29074
A maliciously crafted CATPART file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause an Out-Of-Bounds Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the co...
- EPSS Score: 0.31%
- Published: Nov. 23, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-29073
A maliciously crafted MODEL file when parsed through Autodesk AutoCAD 2024 and 2023 can be used to cause a Heap-Based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in th...
- EPSS Score: 0.34%
- Published: Nov. 23, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-26037
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 contain an SQL Injection. The minTime and maxTime request parameters are not proper...
- Affected Products: zoneminder
- EPSS Score: 0.14%
- Published: Feb. 25, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-24427
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.
- Affected Products: bitbucket_oauth
- EPSS Score: 0.22%
- Published: Jan. 26, 2023
- Modified: Apr. 02, 2025
-
9.8 CRITICAL
CVE-2023-23368
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following versio...
- EPSS Score: 3.56%
- Published: Nov. 03, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-21689
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +6 more products
- EPSS Score: 29.67%
- Published: Feb. 14, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-21554
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products
- EPSS Score: 92.16%
- Published: Apr. 11, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-20160
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affe...
- Affected Products: sf300-08_firmware sf302-08_firmware sf302-08pp_firmware sf302-08mpp_firmware sf300-24_firmware sf300-24p_firmware sf300-24pp_firmware sf300-24mp_firmware sf300-48_firmware sf300-48p_firmware +452 more products
- EPSS Score: 3.34%
- Published: May. 18, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-20101
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to t...
- Affected Products: emergency_responder
- EPSS Score: 0.72%
- Published: Oct. 04, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2022-45406
If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability aff...
- EPSS Score: 0.37%
- Published: Dec. 22, 2022
- Modified: Apr. 15, 2025
-
9.8 CRITICAL
CVE-2022-39952
An external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to exec...
- Affected Products: fortinac
- EPSS Score: 93.10%
- Published: Feb. 16, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2022-39244
PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affected by a buffer overflow vulnerability. Users connecting to untrusted c...
- EPSS Score: 0.18%
- Published: Oct. 06, 2022
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2022-37601
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.
- EPSS Score: 15.84%
- Published: Oct. 12, 2022
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2022-34485
Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been ex...
- Affected Products: firefox
- EPSS Score: 0.39%
- Published: Dec. 22, 2022
- Modified: Apr. 15, 2025
-
9.8 CRITICAL
CVE-2022-3270
In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.
- Affected Products: controller_cecc-x-m1_firmware controller_cecc-x-m1-mv_firmware controller_cecc-x-m1-mv-s1_firmware controller_cecc-x-m1-ys-l1_firmware controller_cecc-x-m1-ys-l2_firmware controller_cecc-x-m1-y-yjkp_firmware cecx-x-c1_modular_master_controller cecx-x-m1_modular_controller bus_module_cpx-e-ep_firmware bus_node_cpx-fb32_firmware +188 more products
- EPSS Score: 0.37%
- Published: Dec. 01, 2022
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2022-30133
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
- Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +12 more products
- EPSS Score: 13.73%
- Published: Aug. 09, 2022
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2022-29917
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough e...
- EPSS Score: 0.18%
- Published: Dec. 22, 2022
- Modified: Apr. 15, 2025