Latest CVE Feed
-
9.8
CRITICALCVE-2021-1472
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about ... Read more
Affected Products : rv340_firmware rv340w_firmware rv345_firmware rv345p_firmware rv160_firmware rv160w_firmware rv260_firmware rv260p_firmware rv260w_firmware small_business_rv_series_router_firmware +9 more products- EPSS Score: %89.91
- Published: Apr. 08, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1301
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.... Read more
- EPSS Score: %0.88
- Published: Jan. 20, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-9547
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).... Read more
Affected Products : debian_linux active_iq_unified_manager weblogic_server primavera_unifier jd_edwards_enterpriseone_tools retail_xstore_point_of_service jackson-databind autovue_for_agile_product_lifecycle_management banking_platform communications_evolved_communications_application_server +6 more products- EPSS Score: %49.70
- Published: Mar. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-8606
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.... Read more
Affected Products : interscan_web_security_virtual_appliance- EPSS Score: %88.83
- Published: May. 27, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.... Read more
- EPSS Score: %84.86
- Published: Feb. 17, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-7593
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functio... Read more
- EPSS Score: %17.29
- Published: Jul. 14, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-7533
CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.... Read more
- EPSS Score: %0.24
- Published: Dec. 01, 2020
- Modified: Jun. 10, 2025
-
9.8
CRITICALCVE-2020-4427
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerab... Read more
Affected Products : data_risk_manager- Actively Exploited
- EPSS Score: %51.01
- Published: May. 07, 2020
- Modified: Feb. 12, 2025
-
9.8
CRITICALCVE-2020-36329
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.... Read more
Affected Products : enterprise_linux debian_linux ontap_select_deploy_administration_utility iphone_os ipados libwebp- EPSS Score: %0.62
- Published: May. 21, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-36195
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerabil... Read more
- EPSS Score: %2.02
- Published: Apr. 17, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-35169
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.... Read more
- EPSS Score: %0.18
- Published: Jul. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-28017
Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-mail message with fifty million recipients. NOTE: remote exploitation may be difficult because of resource consumption.... Read more
Affected Products : exim- EPSS Score: %5.44
- Published: May. 06, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-25196
The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication.... Read more
- EPSS Score: %0.11
- Published: Dec. 23, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-25176
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it i... Read more
Affected Products : easergy_t300_firmware easergy_c5_firmware micom_c264_firmware pacis_gtw_firmware saitel_dp_firmware epas_gtw_firmware saitel_dr_firmware scd2200_firmware aadvance_controller isagraf_free_runtime +21 more products- EPSS Score: %2.62
- Published: Mar. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-20703
Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter.... Read more
Affected Products : vim- EPSS Score: %2.81
- Published: Jun. 20, 2023
- Modified: Dec. 10, 2024
-
9.8
CRITICALCVE-2020-16846
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.... Read more
- Actively Exploited
- EPSS Score: %94.39
- Published: Nov. 06, 2020
- Modified: Mar. 14, 2025
-
9.8
CRITICALCVE-2020-12823
OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.... Read more
- EPSS Score: %1.51
- Published: May. 12, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-12501
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.... Read more
- EPSS Score: %1.47
- Published: Oct. 15, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-10018
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) contains a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory han... Read more
- EPSS Score: %2.49
- Published: Mar. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-9791
The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacemen... Read more
- EPSS Score: %39.30
- Published: Apr. 26, 2019
- Modified: Nov. 21, 2024