Latest CVE Feed
-
9.8
CRITICALCVE-2021-37232
A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64.... Read more
Affected Products : atomicparsley- EPSS Score: %0.59
- Published: Aug. 04, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-36366
Nagios XI before 5.8.5 incorrectly allows manage_services.sh wildcards.... Read more
Affected Products : nagios_xi- EPSS Score: %10.90
- Published: Sep. 28, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-36364
Nagios XI before 5.8.5 incorrectly allows backup_xi.sh wildcards.... Read more
Affected Products : nagios_xi- EPSS Score: %10.90
- Published: Sep. 28, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-34569
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory.... Read more
- EPSS Score: %0.08
- Published: Nov. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-34552
Pillow through 8.2.0 and PIL (aka Python Imaging Library) through 1.1.7 allow an attacker to pass controlled parameters directly into a convert function to trigger a buffer overflow in Convert.c.... Read more
- EPSS Score: %0.32
- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3420
A flaw was found in newlib in versions prior to 4.0.0. Improper overflow validation in the memory allocation functions mEMALIGn, pvALLOc, nano_memalign, nano_valloc, nano_pvalloc could case an integer overflow, leading to an allocation of a small buffer a... Read more
- EPSS Score: %0.31
- Published: Mar. 05, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-31884
A vulnerability has been identified in APOGEE MBC (PPC) (BACnet) (All versions), APOGEE MBC (PPC) (P2 Ethernet) (All versions), APOGEE MEC (PPC) (BACnet) (All versions), APOGEE MEC (PPC) (P2 Ethernet) (All versions), APOGEE PXC Compact (BACnet) (All versi... Read more
Affected Products : apogee_pxc_modular_firmware talon_tc_compact_firmware talon_tc_modular_firmware capital_vstar nucleus_net nucleus_readystart_v3 nucleus_source_code apogee_modular_building_controller_firmware apogee_modular_equiment_controller_firmware apogee_pxc_compact_firmware +39 more products- EPSS Score: %0.72
- Published: Nov. 09, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3177
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_dou... Read more
Affected Products : fedora zfs_storage_appliance_kit debian_linux active_iq_unified_manager ontap_select_deploy_administration_utility communications_pricing_design_center python enterprise_manager_ops_center communications_offline_mediation_controller communications_cloud_native_core_network_function_cloud_native_environment- EPSS Score: %0.04
- Published: Jan. 19, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28879
In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.... Read more
- EPSS Score: %0.12
- Published: Apr. 11, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-27101
Accellion FTA 9_12_370 and earlier is affected by SQL injection via a crafted Host header in a request to document_root.html. The fixed version is FTA_9_12_380 and later.... Read more
Affected Products : fta- Actively Exploited
- EPSS Score: %1.45
- Published: Feb. 16, 2021
- Modified: Apr. 03, 2025
-
9.8
CRITICALCVE-2021-2135
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Coherence Container). Supported versions that are affected are 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attac... Read more
Affected Products : weblogic_server- EPSS Score: %22.62
- Published: Apr. 22, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1498
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the... Read more
- Actively Exploited
- EPSS Score: %94.06
- Published: May. 06, 2021
- Modified: Feb. 24, 2025
-
9.8
CRITICALCVE-2021-1472
Multiple vulnerabilities exist in the web-based management interface of Cisco Small Business RV Series Routers. A remote attacker could execute arbitrary commands or bypass authentication and upload files on an affected device. For more information about ... Read more
Affected Products : rv340_firmware rv340w_firmware rv345_firmware rv345p_firmware rv160_firmware rv160w_firmware rv260_firmware rv260p_firmware rv260w_firmware small_business_rv_series_router_firmware +9 more products- EPSS Score: %89.91
- Published: Apr. 08, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1301
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.... Read more
- EPSS Score: %0.88
- Published: Jan. 20, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-9547
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).... Read more
Affected Products : debian_linux active_iq_unified_manager weblogic_server primavera_unifier jd_edwards_enterpriseone_tools retail_xstore_point_of_service jackson-databind autovue_for_agile_product_lifecycle_management banking_platform communications_evolved_communications_application_server +6 more products- EPSS Score: %49.70
- Published: Mar. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-8606
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.... Read more
Affected Products : interscan_web_security_virtual_appliance- EPSS Score: %88.83
- Published: May. 27, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-8518
Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading to remote code execution.... Read more
- EPSS Score: %84.86
- Published: Feb. 17, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-7593
A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functio... Read more
- EPSS Score: %17.29
- Published: Jul. 14, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-7533
CWE-287: Improper Authentication vulnerability exists which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests.... Read more
- EPSS Score: %0.24
- Published: Dec. 01, 2020
- Modified: Jun. 10, 2025
-
9.8
CRITICALCVE-2020-4427
IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerab... Read more
Affected Products : data_risk_manager- Actively Exploited
- EPSS Score: %51.01
- Published: May. 07, 2020
- Modified: Feb. 12, 2025