Latest CVE Feed
-
9.8
CRITICALCVE-2020-27956
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (und... Read more
Affected Products : car_rental_management_system- Published: Oct. 28, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-20016
A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.... Read more
Affected Products : sma_210_firmware sma_410_firmware sma_100_firmware sma_200_firmware sma_400_firmware sma_500v sma_210 sma_410 sma_200 sma_400 +1 more products- Actively Exploited
- Published: Feb. 04, 2021
- Modified: Mar. 14, 2025
-
9.8
CRITICAL- Published: Dec. 13, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-1955
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in tu... Read more
Affected Products : couchdb- Published: May. 20, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-0156
Awesome spawn contains OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, attacker could use this flaw to execute arbitrary command.... Read more
Affected Products : awesomespawn- Published: Jun. 30, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-0121
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.... Read more
- Published: Dec. 29, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2014-0048
An issue was found in Docker before 1.6.0. Some programs and scripts in Docker are downloaded via HTTP and then executed or used in unsafe ways.... Read more
- Published: Jan. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-0011
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via v... Read more
Affected Products : tigervnc- Published: Jan. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-28250
Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- Published: Apr. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-0030
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.... Read more
Affected Products : roller- Published: Oct. 10, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2013-7483
The slidedeck2 plugin before 2.3.5 for WordPress has file inclusion.... Read more
Affected Products : slidedeck_2- Published: Aug. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2013-7465
Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts.... Read more
Affected Products : servers_ultimate- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2013-7459
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.... Read more
- Published: Feb. 15, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2013-7429
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php.... Read more
Affected Products : googlemaps- Published: Sep. 14, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2013-7381
libnotify before 1.0.4 for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in a call to libnotify.notify.... Read more
Affected Products : libnotify- Published: Feb. 12, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2013-7426
Insecure Temporary file vulnerability in /tmp/kamailio_fifo in kamailio 4.0.1.... Read more
Affected Products : kamailio- Published: Aug. 29, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2023-34152
A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.... Read more
- Published: May. 30, 2023
- Modified: Jan. 13, 2025
-
9.8
CRITICALCVE-2020-28018
Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common for builds with OpenSSL.... Read more
Affected Products : exim- Published: May. 06, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-36028
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 windows_11_22h2 windows_10_1507 +4 more products- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-20020
LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution... Read more
- Published: Dec. 19, 2018
- Modified: Nov. 21, 2024