Latest CVE Feed
-
9.8
CRITICALCVE-2021-31162
In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.... Read more
- EPSS Score: %0.83
- Published: Apr. 14, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28800
A command injection vulnerability has been reported to affect QNAP NAS running legacy versions of QTS. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS ... Read more
- EPSS Score: %0.78
- Published: Jun. 24, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-27734
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01 allow remote attackers to change the credentials of existing users.... Read more
- EPSS Score: %0.12
- Published: May. 17, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-26937
encoding.c in GNU Screen through 4.8.0 allows remote attackers to cause a denial of service (invalid write access and application crash) or possibly have unspecified other impact via a crafted UTF-8 character sequence.... Read more
- EPSS Score: %2.98
- Published: Feb. 09, 2021
- Modified: May. 09, 2025
-
9.8
CRITICALCVE-2021-26569
Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests.... Read more
- EPSS Score: %1.75
- Published: Mar. 12, 2021
- Modified: Jan. 14, 2025
-
9.8
CRITICALCVE-2021-26109
An integer overflow or wraparound vulnerability in the memory allocator of SSLVPN in FortiOS before 7.0.1 may allow an unauthenticated attacker to corrupt control data on the heap via specifically crafted requests to SSLVPN, resulting in potentially arbit... Read more
Affected Products : fortios- EPSS Score: %1.34
- Published: Dec. 08, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL- EPSS Score: %0.76
- Published: Feb. 25, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-24074
Windows TCP/IP Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products- EPSS Score: %14.39
- Published: Feb. 25, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22930
Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.... Read more
- EPSS Score: %0.36
- Published: Oct. 07, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22768
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is un... Read more
Affected Products : powerlogic_egx100_firmware powerlogic_egx300_firmware powerlogic_egx100 powerlogic_egx300- EPSS Score: %0.59
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22714
A CWE-119:Improper restriction of operations within the bounds of a memory buffer vulnerability exists in PowerLogic ION7400, PM8000 and ION9000 (All versions prior to V3.0.0), which could cause the meter to reboot or allow for remote code execution.... Read more
- EPSS Score: %2.27
- Published: Mar. 11, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22203
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7.9 before 13.8.7, all versions starting from 13.9 before 13.9.5, and all versions starting from 13.10 before 13.10.1. A specially crafted Wiki page allowed attackers to ... Read more
Affected Products : gitlab- EPSS Score: %0.24
- Published: Apr. 02, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-2064
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via II... Read more
Affected Products : weblogic_server- EPSS Score: %29.69
- Published: Jan. 20, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-20308
Integer overflow in the htmldoc 1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service that is similar to CVE-2017-9181.... Read more
- EPSS Score: %0.55
- Published: Apr. 05, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-20045
A buffer overflow vulnerability in SMA100 sonicfiles RAC_COPY_TO (RacNumber 36) method allows a remote unauthenticated attacker to potentially execute code as the 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v ... Read more
- EPSS Score: %2.93
- Published: Dec. 08, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1870
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code executio... Read more
- Actively Exploited
- EPSS Score: %0.49
- Published: Apr. 02, 2021
- Modified: Feb. 28, 2025
-
9.8
CRITICALCVE-2021-1694
Windows Update Stack Elevation of Privilege Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products- EPSS Score: %0.76
- Published: Jan. 12, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1619
A vulnerability in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass NETCONF or RESTCONF authentication and do either of the following: Install, manipulate, ... Read more
Affected Products : ios_xe ios_xe_sd-wan ios_xe_sd-wan_16.10.1_when_installed_on_1000_series_integrated_services ios_xe_sd-wan_16.10.1_when_installed_on_4000_series_integrated_services ios_xe_sd-wan_16.10.1_when_installed_on_asr_1000_series_aggregation_services ios_xe_sd-wan_16.10.1_when_installed_on_integrated_services_virtual ios_xe_sd-wan_16.10.2_when_installed_on_1000_series_integrated_services ios_xe_sd-wan_16.10.2_when_installed_on_4000_series_integrated_services ios_xe_sd-wan_16.10.2_when_installed_on_asr_1000_series_aggregation_services ios_xe_sd-wan_16.10.2_when_installed_on_integrated_services_virtual +136 more products- EPSS Score: %1.24
- Published: Sep. 23, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1610
Multiple vulnerabilities in the web-based management interface of the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an attacker to do the following: Execute arbitrary code Cause a denial of service (DoS) co... Read more
- EPSS Score: %0.66
- Published: Aug. 04, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-0254
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service (DoS) condition, or leading to... Read more
Affected Products : junos- EPSS Score: %0.64
- Published: Apr. 22, 2021
- Modified: Nov. 21, 2024