Latest CVE Feed
-
9.8
CRITICAL CVE-2022-25315
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
- Affected Products: fedora zfs_storage_appliance_kit debian_linux http_server sinema_remote_connect_server libexpat
- EPSS Score: %7.70
- Published: Feb. 18, 2022
- Modified: May. 05, 2025
-
9.8
CRITICAL CVE-2022-23304
The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.
- EPSS Score: %0.06
- Published: Jan. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-23125
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len eleme...
- EPSS Score: %19.28
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-23122
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the...
- EPSS Score: %6.77
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-23121
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from th...
- EPSS Score: %15.39
- Published: Mar. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-22978
In Spring Security versions prior to 5.4.11+, 5.5.7+, 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular express...
- EPSS Score: %90.79
- Published: May. 19, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring ...
- Affected Products: weblogic_server communications_policy_management jdk communications_cloud_native_core_network_slice_selection_function retail_customer_management_and_segmentation_foundation communications_cloud_native_core_network_repository_function mysql_enterprise_monitor communications_cloud_native_core_unified_data_repository retail_bulk_data_integration retail_xstore_point_of_service +29 more products
- Actively Exploited
- EPSS Score: %94.46
- Published: Apr. 01, 2022
- Modified: Apr. 10, 2025
-
9.8
CRITICAL CVE-2022-22274
A stack-based buffer overflow vulnerability in SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially achieve code execution in the firewall.
- Affected Products: sonicos sonicosv nsa_2700 nsa_3700 nsa_4700 nsa_5700 nsa_6700 nssp_10700 nssp_11700 nssp_13700 +23 more products
- EPSS Score: %43.83
- Published: Mar. 25, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-20842
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more informati...
- EPSS Score: %0.76
- Published: Aug. 10, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-1471
SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml's SafeConstructor when parsing unt...
- Affected Products: snakeyaml
- EPSS Score: %93.85
- Published: Dec. 01, 2022
- Modified: Jun. 18, 2025
-
9.8
CRITICAL CVE-2022-0699
A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.
- Affected Products: shapelib
- EPSS Score: %0.11
- Published: Oct. 17, 2022
- Modified: May. 13, 2025
-
9.8
CRITICAL CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially corre...
- EPSS Score: %0.63
- Published: Mar. 18, 2022
- Modified: Apr. 23, 2025
-
9.8
CRITICAL CVE-2021-47548
In the Linux kernel, the following vulnerability has been resolved: ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() The if statement: if (port >= DSAF_GE_NUM) return; limits the value of po...
- Affected Products: linux_kernel
- Published: May. 24, 2024
- Modified: Apr. 01, 2025
-
9.8
CRITICAL CVE-2021-45707
An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
- Affected Products: nix
- EPSS Score: %0.51
- Published: Dec. 27, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-43300
Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
- EPSS Score: %0.41
- Published: Feb. 16, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-42377
An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare...
- Affected Products: fedora cloud_backup hci_management_node solidfire h300s_firmware h500s_firmware h700s_firmware h410s_firmware busybox h300s +9 more products
- EPSS Score: %1.86
- Published: Nov. 15, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-41842
An issue was discovered in AtaLegacySmm in the kernel 5.0 before 05.08.46, 5.1 before 05.16.46, 5.2 before 05.26.46, 5.3 before 05.35.46, 5.4 before 05.43.46, and 5.5 before 05.51.45 in Insyde InsydeH2O. Code execution can occur because the SMI handler la...
- Affected Products: insydeh2o
- EPSS Score: %1.22
- Published: Jan. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-3942
Certain HP Print products and Digital Sending products may be vulnerable to potential remote code execution and buffer overflow with use of Link-Local Multicast Name Resolution or LLMNR.
- Affected Products: laserjet_managed_flow_mfp_e52545c_firmware pagewide_managed_color_flow_mfp_e58650z_firmware pagewide_managed_color_flow_mfp_e77660z_firmware pagewide_pro_577dw_d3q21a_firmware pagewide_pro_477dn_d3q19a_firmware pagewide_pro_477dw_d3q20a_firmware pagewide_377dw_j9v80a_firmware officejet_pro_6960_j7k33a_firmware officejet_pro_6960_t0f30a_firmware officejet_pro_6960_t0f32a_firmware +5390 more products
- EPSS Score: %4.43
- Published: Dec. 12, 2022
- Modified: Apr. 25, 2025
-
9.8
CRITICAL CVE-2021-3773
A flaw in netfilter could allow a network-connected attacker to infer OpenVPN connection endpoint information for further use in traditional network attacks.
- EPSS Score: %0.48
- Published: Feb. 16, 2022
- Modified: Mar. 28, 2025
-
9.8
CRITICAL CVE-2021-3520
There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a crash. The gre...
- EPSS Score: %0.13
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024