Latest CVE Feed
-
9.8
CRITICALCVE-2023-29402
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters i... Read more
- EPSS Score: %0.12
- Published: Jun. 08, 2023
- Modified: Jan. 06, 2025
-
9.8
CRITICALCVE-2023-29363
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +6 more products- EPSS Score: %5.86
- Published: Jun. 14, 2023
- Modified: Apr. 08, 2025
-
9.8
CRITICALCVE-2023-2868
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .t... Read more
Affected Products : email_security_gateway_300_firmware email_security_gateway_400_firmware email_security_gateway_600_firmware email_security_gateway_800_firmware email_security_gateway_900_firmware email_security_gateway_300 email_security_gateway_400 email_security_gateway_600 email_security_gateway_800 email_security_gateway_900- Actively Exploited
- EPSS Score: %89.60
- Published: May. 24, 2023
- Modified: Apr. 02, 2025
-
9.8
CRITICALCVE-2023-2840
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.... Read more
Affected Products : gpac- EPSS Score: %0.08
- Published: May. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-28154
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.... Read more
Affected Products : webpack- EPSS Score: %1.48
- Published: Mar. 13, 2023
- Modified: Feb. 27, 2025
-
9.8
CRITICALCVE-2023-25664
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. ... Read more
Affected Products : tensorflow- EPSS Score: %0.07
- Published: Mar. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-2530
A privilege escalation allowing remote code execution was discovered in the orchestration service.... Read more
Affected Products : puppet_enterprise- EPSS Score: %3.12
- Published: Jun. 07, 2023
- Modified: Aug. 26, 2025
-
9.8
CRITICALCVE-2023-24943
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- EPSS Score: %1.30
- Published: May. 09, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-23415
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- EPSS Score: %3.98
- Published: Mar. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-22781
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Succes... Read more
- EPSS Score: %0.88
- Published: May. 08, 2023
- Modified: Jan. 31, 2025
-
9.8
CRITICALCVE-2023-26359
Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this... Read more
Affected Products : coldfusion- Actively Exploited
- EPSS Score: %87.10
- Published: Mar. 23, 2023
- Modified: Feb. 13, 2025
-
9.8
CRITICALCVE-2022-46289
Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to... Read more
Affected Products : open_babel- EPSS Score: %0.12
- Published: Jul. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-42837
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, watchOS 9.2. A remote user may be able to cause unexpected... Read more
- EPSS Score: %3.99
- Published: Dec. 15, 2022
- Modified: Apr. 21, 2025
-
9.8
CRITICALCVE-2022-41903
Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `--format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operator... Read more
- EPSS Score: %18.28
- Published: Jan. 17, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-37890
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6... Read more
- EPSS Score: %0.82
- Published: Oct. 07, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-34381
Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, le... Read more
- EPSS Score: %0.63
- Published: Feb. 02, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-33321
Cleartext Transmission of Sensitive Information vulnerability due to the use of Basic Authentication for HTTP connections in Mitsubishi Electric consumer electronics products (PHOTOVOLTAIC COLOR MONITOR ECO-GUIDE, HEMS adapter, Wi-Fi Interface, Air Condit... Read more
- EPSS Score: %0.58
- Published: Nov. 08, 2022
- Modified: May. 01, 2025
-
9.8
CRITICALCVE-2022-32839
The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A remote user may cause an unexpected app terminati... Read more
- EPSS Score: %1.26
- Published: Aug. 24, 2022
- Modified: May. 29, 2025
-
9.8
CRITICALCVE-2022-31692
Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types. Specifically, an application is vulnerable when all of the following are true: The application ... Read more
- EPSS Score: %6.71
- Published: Oct. 31, 2022
- Modified: May. 06, 2025
-
9.8
CRITICALCVE-2022-30235
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)... Read more
- EPSS Score: %0.34
- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024