Latest CVE Feed
-
9.8
CRITICALCVE-2023-43040
IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket access. IBM X-Force ID: 266807.... Read more
Affected Products : storage_fusion_hci- Published: May. 14, 2024
- Modified: Aug. 14, 2025
-
9.8
CRITICALCVE-2023-42115
Exim AUTH Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. The specific flaw ex... Read more
Affected Products : exim- Published: May. 03, 2024
- Modified: Aug. 07, 2025
-
9.8
CRITICALCVE-2023-41913
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IK... Read more
- EPSS Score: %10.93
- Published: Dec. 07, 2023
- Modified: Jan. 17, 2025
-
9.8
CRITICALCVE-2023-40567
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse o... Read more
- EPSS Score: %0.10
- Published: Aug. 31, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-36434
Windows IIS Server Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +6 more products- EPSS Score: %2.93
- Published: Oct. 10, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-35367
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +6 more products- EPSS Score: %2.05
- Published: Jul. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-34417
Memory safety bugs present in Firefox 113. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 114.... Read more
Affected Products : firefox- EPSS Score: %0.28
- Published: Jun. 19, 2023
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2023-33246
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an a... Read more
Affected Products : rocketmq- Actively Exploited
- EPSS Score: %94.36
- Published: May. 24, 2023
- Modified: Feb. 13, 2025
-
9.8
CRITICALCVE-2023-3638
In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application. ... Read more
- EPSS Score: %0.23
- Published: Jul. 19, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-31047
In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the la... Read more
- EPSS Score: %0.06
- Published: May. 07, 2023
- Modified: Jan. 29, 2025
-
9.8
CRITICALCVE-2023-29402
The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters i... Read more
- EPSS Score: %0.12
- Published: Jun. 08, 2023
- Modified: Jan. 06, 2025
-
9.8
CRITICALCVE-2023-29363
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +6 more products- EPSS Score: %5.86
- Published: Jun. 14, 2023
- Modified: Apr. 08, 2025
-
9.8
CRITICALCVE-2023-2868
A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. The vulnerability arises out of a failure to comprehensively sanitize the processing of .t... Read more
Affected Products : email_security_gateway_300_firmware email_security_gateway_400_firmware email_security_gateway_600_firmware email_security_gateway_800_firmware email_security_gateway_900_firmware email_security_gateway_300 email_security_gateway_400 email_security_gateway_600 email_security_gateway_800 email_security_gateway_900- Actively Exploited
- EPSS Score: %89.60
- Published: May. 24, 2023
- Modified: Apr. 02, 2025
-
9.8
CRITICALCVE-2023-2840
NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.... Read more
Affected Products : gpac- EPSS Score: %0.08
- Published: May. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-28154
Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.... Read more
Affected Products : webpack- EPSS Score: %1.48
- Published: Mar. 13, 2023
- Modified: Feb. 27, 2025
-
9.8
CRITICALCVE-2023-25664
TensorFlow is an open source platform for machine learning. Prior to versions 2.12.0 and 2.11.1, there is a heap buffer overflow in TAvgPoolGrad. A fix is included in TensorFlow 2.12.0 and 2.11.1. ... Read more
Affected Products : tensorflow- EPSS Score: %0.07
- Published: Mar. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-2530
A privilege escalation allowing remote code execution was discovered in the orchestration service.... Read more
Affected Products : puppet_enterprise- EPSS Score: %3.03
- Published: Jun. 07, 2023
- Modified: Aug. 26, 2025
-
9.8
CRITICALCVE-2023-24943
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- EPSS Score: %1.30
- Published: May. 09, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-23415
Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- EPSS Score: %3.98
- Published: Mar. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-22781
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Succes... Read more
- EPSS Score: %0.88
- Published: May. 08, 2023
- Modified: Jan. 31, 2025