Latest CVE Feed
-
9.8
CRITICAL
- EPSS Score: %0.48
- Published: Oct. 31, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2019-13224
A use-after-free in onig_new_deluxe() in regext.c in Oniguruma 6.9.2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a r...
- EPSS Score: %0.52
- Published: Jul. 10, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2019-12261
Wind River VxWorks 6.7 through 6.9 and vx7 has a Buffer Overflow in the TCP component (issue 3 of 4). This is an IPNET security vulnerability: TCP Urgent Pointer state confusion during connect() to a remote host....
- EPSS Score: %17.18
- Published: Aug. 09, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2019-11581
There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions. An attacker is able to remotely execute code on systems that run a vulnerable version of Jira Server or Dat...
- Actively Exploited
- EPSS Score: %94.33
- Published: Aug. 09, 2019
- Modified: Apr. 02, 2025
-
9.8
CRITICAL
CVE-2019-10938
A vulnerability has been identified in SIPROTEC 5 devices with CPU variants CP200 (All versions < V7.59), SIPROTEC 5 devices with CPU variants CP300 and CP100 (All versions < V8.01), Siemens Power Meters Series 9410 (All versions < V2.2.1), Siemens Power ...
- EPSS Score: %0.49
- Published: Aug. 02, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2019-10712
The Web-GUI on WAGO Series 750-88x (750-330, 750-352, 750-829, 750-831, 750-852, 750-880, 750-881, 750-882, 750-884, 750-885, 750-889) and Series 750-87x (750-830, 750-849, 750-871, 750-872, 750-873) devices has undocumented service access....
Affected Products : 750-352_firmware 750-831_firmware 750-852_firmware 750-880_firmware 750-881_firmware 750-889_firmware 750-829_firmware 750-882_firmware 750-885_firmware 750-849_firmware +22 more products
- EPSS Score: %0.98
- Published: May. 07, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2019-0785
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'....
Affected Products : windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_server
- EPSS Score: %26.24
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2019-0008
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or...
Affected Products : junos ex4300 ex4300m ex4600 ex4650 qfx5100 qfx5110 qfx5120 qfx5200-32c qfx5200-48y +1 more products
- EPSS Score: %4.77
- Published: Apr. 10, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-7847
A CWE-284: Improper Access Control vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause denial of service or potential code execution by overwriting configuration settings of the co...
- EPSS Score: %1.22
- Published: May. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-7846
A CWE-501: Trust Boundary Violation vulnerability on connection to the Controller exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum and Modicon Premium which could cause unauthorized access by conducting a brute force attack on Mod...
- EPSS Score: %38.19
- Published: May. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-7811
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the change password function of the web server...
- EPSS Score: %1.62
- Published: Nov. 30, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-7790
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to replay authentication sequences. If an attacker exp...
- EPSS Score: %0.49
- Published: Aug. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-7226
An issue was discovered in vcSetXCutTextProc() in VNConsole.c in LinuxVNC and VNCommand from the LibVNC/vncterm distribution through 0.9.10. Missing sanitization of the client-specified message length may cause integer overflow or possibly have unspecifie...
Affected Products : vncterm
- EPSS Score: %0.48
- Published: Feb. 19, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-5145
Memory safety bugs were reported in Firefox ESR 52.6. These bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox ESR < 52.7 and Thu...
- EPSS Score: %3.79
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-5116
WebExtensions with the "ActiveTab" permission are able to access frames hosted within the active tab even if the frames are cross-origin. Malicious extensions can inject frames from arbitrary origins into the loaded page and then interact with them, bypas...
- EPSS Score: %0.70
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-3259
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1 and 18c. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to...
- EPSS Score: %7.80
- Published: Oct. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-25014
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol()....
- EPSS Score: %0.20
- Published: May. 21, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-19949
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 o...
Affected Products : qts
- Actively Exploited
- EPSS Score: %57.62
- Published: Oct. 28, 2020
- Modified: Mar. 12, 2025
-
9.8
CRITICAL
CVE-2018-19360
FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization....
- EPSS Score: %6.78
- Published: Jan. 02, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL
CVE-2018-16850
PostgreSQL before versions 11.1, 10.6 is vulnerable to SQL injection in pg_upgrade and pg_dump via CREATE TRIGGER ... REFERENCING. Using a purpose-crafted trigger definition, an attacker can cause arbitrary SQL statements to run, with superuser privi...
- EPSS Score: %1.75
- Published: Nov. 13, 2018
- Modified: Nov. 21, 2024