Latest CVE Feed
-
9.8
CRITICALCVE-2022-32985
libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.... Read more
Affected Products : gigaswitch_641_desk_v5_sfp-vi_firmware gigaswitch_642_desk_v5_sfp-2vi_firmware gigaswitch_v5_2tp\(pd-f\+\)_sfp-vi_54vdc_firmware gigaswitch_v5_2tp\(pse\+\)_sfp-vi_54vdc_firmware gigaswitch_v5_2tp_sfp-vi_54vdc_firmware gigaswitch_v5_sfp-2vi_230vac_firmware gigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_firmware gigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_ind_firmware gigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_med_firmware gigaswitch_v5_tp_sfp-2vi_54vdc_firmware +16 more products- EPSS Score: %0.61
- Published: Jul. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-31206
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software (which compiles IEC 61131-3 conformant ... Read more
- EPSS Score: %0.11
- Published: Jul. 26, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-31003
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can se... Read more
- EPSS Score: %4.37
- Published: May. 31, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29958
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a bl... Read more
- EPSS Score: %0.13
- Published: Jul. 26, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29873
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM ... Read more
Affected Products : 7kg8500-0aa00-0aa0_firmware 7kg8500-0aa00-2aa0_firmware 7kg8500-0aa10-0aa0_firmware 7kg8500-0aa10-2aa0_firmware 7kg8500-0aa30-0aa0_firmware 7kg8500-0aa30-2aa0_firmware 7kg8501-0aa01-0aa0_firmware 7kg8501-0aa01-2aa0_firmware 7kg8501-0aa02-0aa0_firmware 7kg8501-0aa02-2aa0_firmware +62 more products- EPSS Score: %2.69
- Published: May. 20, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28738
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.... Read more
Affected Products : ruby- EPSS Score: %0.46
- Published: May. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-24724
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption whe... Read more
- EPSS Score: %4.19
- Published: Mar. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23303
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.... Read more
- EPSS Score: %0.33
- Published: Jan. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... Read more
- EPSS Score: %1.33
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.... Read more
- EPSS Score: %2.55
- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22487
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability usin... Read more
- EPSS Score: %0.21
- Published: Jun. 30, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22012
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products- EPSS Score: %7.14
- Published: May. 10, 2022
- Modified: Jan. 02, 2025
-
9.8
CRITICALCVE-2022-0582
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file... Read more
- EPSS Score: %0.07
- Published: Feb. 14, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-45005
Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.... Read more
Affected Products : mujs- EPSS Score: %0.14
- Published: Feb. 14, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issu... Read more
Affected Products : fedora zfs_storage_appliance_kit debian_linux cloud_backup macos http_server mac_os_x http_server communications_session_report_manager communications_session_route_manager +4 more products- EPSS Score: %87.39
- Published: Dec. 20, 2021
- Modified: May. 01, 2025
-
9.8
CRITICALCVE-2021-44529
A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with limited permissions (nobody).... Read more
Affected Products : endpoint_manager_cloud_services_appliance- Actively Exploited
- EPSS Score: %94.46
- Published: Dec. 08, 2021
- Modified: Mar. 13, 2025
-
9.8
CRITICALCVE-2021-43925
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified ve... Read more
- EPSS Score: %0.42
- Published: Feb. 07, 2022
- Modified: Jan. 14, 2025
-
9.8
CRITICALCVE-2021-43616
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to ins... Read more
- EPSS Score: %0.77
- Published: Nov. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-42553
A buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics in versions before 3.5.1 allows an attacker to execute arbitrary code when the descriptor contains more endpoints than USBH_MAX_NUM_ENDPOINTS. The library is typically integrated w... Read more
Affected Products : stm32_mw_usb_host- EPSS Score: %0.21
- Published: Oct. 21, 2022
- Modified: May. 07, 2025
-
9.8
CRITICALCVE-2021-37350
Nagios XI before version 5.8.5 is vulnerable to SQL injection vulnerability in Bulk Modifications Tool due to improper input sanitisation.... Read more
Affected Products : nagios_xi- EPSS Score: %47.52
- Published: Aug. 13, 2021
- Modified: Nov. 21, 2024