Latest CVE Feed
- 9.8 CRITICAL CVE-2023-37285
  An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges....
  - EPSS Score: 0.39%
  - Published: Jul. 28, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-3824
  In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or R...
  - EPSS Score: 34.75%
  - Published: Aug. 11, 2023
  - Modified: Feb. 13, 2025
- 9.8 CRITICAL CVE-2019-5482
  Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3....
  - Affected Products: fedora debian_linux leap curl cloud_backup oncommand_insight oncommand_unified_manager oncommand_workflow_automation snapcenter steelstore_cloud_integrated_storage +7 more products
  - EPSS Score: 10.79%
  - Published: Sep. 16, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2024-26304
  There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (821...
  - Affected Products: arubaos
  - Published: May. 01, 2024
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-40400
  This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution....
  - EPSS Score: 1.68%
  - Published: Sep. 27, 2023
  - Modified: May. 05, 2025
- 9.8 CRITICAL CVE-2023-40889
  A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the ...
  - Affected Products: zbar
  - EPSS Score: 0.62%
  - Published: Aug. 29, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-21692
  Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability...
  - Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products
  - EPSS Score: 32.58%
  - Published: Feb. 14, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2024-26305
  There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Succes...
  - Affected Products: arubaos
  - Published: May. 01, 2024
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-21690
  Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability...
  - Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +6 more products
  - EPSS Score: 22.73%
  - Published: Feb. 14, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-22767
  A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is un...
  - Affected Products: powerlogic_egx100_firmware powerlogic_egx300_firmware powerlogic_egx100 powerlogic_egx300
  - EPSS Score: 0.59%
  - Published: Jun. 11, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2017-7785
  A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55....
  - EPSS Score: 10.90%
  - Published: Jun. 11, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL
  - EPSS Score: 0.54%
  - Published: Nov. 15, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2017-7828
  A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57,...
  - EPSS Score: 34.67%
  - Published: Jun. 11, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2024-26261
  The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the...
  - EPSS Score: 0.30%
  - Published: Feb. 15, 2024
  - Modified: Jan. 23, 2025
- 9.8 CRITICAL CVE-2024-26264
  EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify...
  - Affected Products: risweb
  - EPSS Score: 0.48%
  - Published: Feb. 15, 2024
  - Modified: Jan. 23, 2025
- 9.8 CRITICAL CVE-2023-2262
  A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a thr...
  - Affected Products: 1756-en2t_series_a_firmware 1756-en2t_series_b_firmware 1756-en2t_series_c_firmware 1756-en2t_series_d_firmware 1756-en2tk_series_a_firmware 1756-en2tk_series_b_firmware 1756-en2tk_series_c_firmware 1756-en2txt_series_a_firmware 1756-en2txt_series_b_firmware 1756-en2txt_series_c_firmware +56 more products
  - EPSS Score: 4.48%
  - Published: Sep. 20, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-3520
  Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765....
  - Affected Products: vim
  - EPSS Score: 0.08%
  - Published: Dec. 02, 2022
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-28333
  The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS)....
  - EPSS Score: 0.69%
  - Published: Mar. 23, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2013-6792
  Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability...
  - Affected Products: android
  - EPSS Score: 2.77%
  - Published: Jan. 23, 2020
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2020-15801
  In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected....
  - EPSS Score: 0.60%
  - Published: Jul. 17, 2020
  - Modified: Nov. 21, 2024