Latest CVE Feed
-
9.8
CRITICAL- Published: Dec. 13, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-1955
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in tu... Read more
Affected Products : couchdb- Published: May. 20, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-0156
Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.... Read more
Affected Products : awesomespawn- Published: Jun. 30, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-0121
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.... Read more
- Published: Dec. 29, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2014-0048
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.... Read more
- Published: Jan. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-0011
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via v... Read more
Affected Products : tigervnc- Published: Jan. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-28250
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- Published: Apr. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-0030
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.... Read more
Affected Products : roller- Published: Oct. 10, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2013-7483
The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.... Read more
Affected Products : slidedeck_2- Published: Aug. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2013-7465
Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts.... Read more
Affected Products : servers_ultimate- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2013-7459
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.... Read more
- Published: Feb. 15, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2013-7429
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php.... Read more
Affected Products : googlemaps- Published: Sep. 14, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2013-7381
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.... Read more
Affected Products : libnotify- Published: Feb. 12, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2013-7426
Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.... Read more
Affected Products : kamailio- Published: Aug. 29, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2023-34152
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.... Read more
- Published: May. 30, 2023
- Modified: Jan. 13, 2025
-
9.8
CRITICALCVE-2020-28018
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.... Read more
Affected Products : exim- Published: May. 06, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-36028
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 windows_11_22h2 windows_10_1507 +4 more products- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20020
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution... Read more
- Published: Dec. 19, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-27847
A vulnerability exists in the SAML connector of the github.com/dexidp/dex library used to process SAML Signature Validation. This flaw allows an attacker to bypass SAML authentication. The highest threat from this vulnerability is to confidentiality, inte... Read more
Affected Products : dex- Published: May. 28, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2013-7285
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. ... Read more
- Published: May. 15, 2019
- Modified: May. 23, 2025