Latest CVE Feed
-
9.8
CRITICALCVE-2023-20160
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affe... Read more
Affected Products : sf300-08_firmware sf302-08_firmware sf302-08pp_firmware sf302-08mpp_firmware sf300-24_firmware sf300-24p_firmware sf300-24pp_firmware sf300-24mp_firmware sf300-48_firmware sf300-48p_firmware +452 more products- EPSS Score: %3.34
- Published: May. 18, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-20101
A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to t... Read more
Affected Products : emergency_responder- EPSS Score: %0.72
- Published: Oct. 04, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-45406
If an out-of-memory condition occurred when creating a JavaScript global, a JavaScript realm may be deleted while references to it lived on in a BaseShape. This could lead to a use-after-free causing a potentially exploitable crash. This vulnerability aff... Read more
- EPSS Score: %0.37
- Published: Dec. 22, 2022
- Modified: Apr. 15, 2025
-
9.8
CRITICALCVE-2022-39952
A external control of file name or path in Fortinet FortiNAC versions 9.4.0, 9.2.0 through 9.2.5, 9.1.0 through 9.1.7, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an unauthenticated attacker to exec... Read more
Affected Products : fortinac- EPSS Score: %93.10
- Published: Feb. 16, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-39244
PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted c... Read more
- EPSS Score: %0.18
- Published: Oct. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-37601
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.... Read more
- EPSS Score: %15.84
- Published: Oct. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-34485
Mozilla developers Bryce Seager van Dyk and the Mozilla Fuzzing Team reported potential vulnerabilities present in Firefox 101. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been ex... Read more
Affected Products : firefox- EPSS Score: %0.39
- Published: Dec. 22, 2022
- Modified: Apr. 15, 2025
-
9.8
CRITICALCVE-2022-3270
In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability. ... Read more
Affected Products : controller_cecc-x-m1_firmware controller_cecc-x-m1-mv_firmware controller_cecc-x-m1-mv-s1_firmware controller_cecc-x-m1-ys-l1_firmware controller_cecc-x-m1-ys-l2_firmware controller_cecc-x-m1-y-yjkp_firmware cecx-x-c1_modular_master_controller cecx-x-m1_modular_controller bus_module_cpx-e-ep_firmware bus_node_cpx-fb32_firmware +188 more products- EPSS Score: %0.37
- Published: Dec. 01, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-30133
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +12 more products- EPSS Score: %13.73
- Published: Aug. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29917
Mozilla developers Andrew McCreight, Gabriele Svelto, Tom Ritter and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 99 and Firefox ESR 91.8. Some of these bugs showed evidence of memory corruption and we presume that with enough e... Read more
- EPSS Score: %0.18
- Published: Dec. 22, 2022
- Modified: Apr. 15, 2025
-
9.8
CRITICALCVE-2022-29078
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary... Read more
Affected Products : ejs- EPSS Score: %93.46
- Published: Apr. 25, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29023
A buffer overflow vulnerability exists in the razermouse driver of OpenRazer up to version v3.3.0 allows attackers to cause a Denial of Service (DoS) and possibly escalate their privileges via a crafted buffer sent to the matrix_custom_frame device.... Read more
Affected Products : openrazer- EPSS Score: %0.11
- Published: May. 20, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28044
Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.... Read more
- EPSS Score: %0.24
- Published: Apr. 15, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-27518
Unauthenticated remote arbitrary code execution ... Read more
- Actively Exploited
- EPSS Score: %9.82
- Published: Dec. 13, 2022
- Modified: Feb. 14, 2025
-
9.8
CRITICALCVE-2022-26647
A vulnerability has been identified in SCALANCE X200-4P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT (All versions < V5.5.2), SCALANCE X201-3P IRT PRO (All versions < V5.5.2), SCALANCE X202-2IRT (All versions < V5.5.2), SCALANCE X202-2IRT (All versio... Read more
Affected Products : scalance_x200-4p_irt_firmware scalance_x201-3p_irt_firmware scalance_x201-3p_irt_pro_firmware scalance_x202-2irt_firmware scalance_x202-2p_irt_firmware scalance_x202-2p_irt_pro_firmware scalance_x204irt_firmware scalance_x204irt_pro_firmware scalance_xf201-3p_irt_firmware scalance_xf202-2p_irt_firmware +49 more products- EPSS Score: %1.48
- Published: Jul. 12, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-26143
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain sensitive information and cause a denial of service (performance degradation and excessive outbound traffic... Read more
- Actively Exploited
- EPSS Score: %64.77
- Published: Mar. 10, 2022
- Modified: Mar. 14, 2025
-
9.8
CRITICALCVE-2022-24990
TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to module/api.php?mobile/webNasIPS and then reading the PWD field in the response.... Read more
- Actively Exploited
- EPSS Score: %94.40
- Published: Feb. 07, 2023
- Modified: Jul. 30, 2025
-
9.8
CRITICALCVE-2022-23852
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.... Read more
- EPSS Score: %1.94
- Published: Jan. 24, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-23457
ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)` may incorrectly treat the ... Read more
Affected Products : active_iq_unified_manager weblogic_server oncommand_workflow_automation enterprise_security_api- EPSS Score: %0.20
- Published: Apr. 25, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23085
A user-provided integer option was passed to nmreq_copyin() without checking if it would overflow. This insufficient bounds checking could lead to kernel memory corruption. On systems configured to include netmap in their devfs_ruleset, a privileged pro... Read more
Affected Products : freebsd- EPSS Score: %0.12
- Published: Feb. 15, 2024
- Modified: Dec. 09, 2024