Latest CVE Feed
-
9.8
CRITICALCVE-2022-23478
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known work... Read more
- Published: Dec. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23218
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a ... Read more
- Published: Jan. 14, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2020-21526
An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it.... Read more
Affected Products : halo- Published: Sep. 30, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-21511
Versions of the package mysql2 before 3.9.7 are vulnerable to Arbitrary Code Injection due to improper sanitization of the timezone parameter in the readCodeFor function by calling a native MySQL Server date/time function.... Read more
Affected Products : mysql2- Published: Apr. 23, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-21522
An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal Vulnerability in the backend,the attacker can overwrite some files, such as ftl files, .bashrc files in the user directory, and finally get the permissions of the operating system.... Read more
Affected Products : halo- Published: Sep. 30, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-28211
nGrinder before 3.5.9 allows connection to malicious JMX/RMI server by default, which could be the cause of executing arbitrary code via RMI registry by remote attacker.... Read more
Affected Products : ngrinder- Published: Mar. 07, 2024
- Modified: May. 07, 2025
-
9.8
CRITICALCVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.... Read more
Affected Products : zfs_storage_appliance_kit debian_linux http_server sinema_remote_connect_server libexpat- Published: Feb. 16, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2021-33046
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.... Read more
Affected Products : sd6al_firmware sd50_firmware sd52c_firmware ipc-hx2xxx_firmware ipc-hx3xxx_firmware ipc-hx5xxx_firmware sd1a1_firmware sd22_firmware tpc-bf1241_firmware tpc-bf2221_firmware +46 more products- Published: Jan. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-14353
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.... Read more
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL- Actively Exploited
- Published: Feb. 13, 2024
- Modified: May. 29, 2025
-
9.8
CRITICALCVE-2024-21410
Microsoft Exchange Server Elevation of Privilege Vulnerability... Read more
Affected Products : exchange_server- Actively Exploited
- Published: Feb. 13, 2024
- Modified: Nov. 29, 2024
-
9.8
CRITICALCVE-2020-21452
An issue was discovered in uniview ISC2500-S. This is an upload vulnerability where an attacker can upload malicious code via /Interface/DevManage/EC.php?cmd=upload... Read more
- Published: Apr. 29, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5485
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().... Read more
Affected Products : tcpdump- Published: Jan. 28, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2022-28209
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.... Read more
Affected Products : mediawiki- Published: Mar. 30, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-21334
Open Management Infrastructure (OMI) Remote Code Execution Vulnerability... Read more
- Published: Mar. 12, 2024
- Modified: Nov. 29, 2024
-
9.8
CRITICALCVE-2020-21377
SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter.... Read more
Affected Products : yunyecms- Published: Dec. 21, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-44223
WordPress before 5.8 lacks support for the Update URI plugin header. This makes it easier for remote attackers to execute arbitrary code via a supply-chain attack against WordPress installations that use any plugin for which the slug satisfies the naming ... Read more
Affected Products : wordpress- Published: Nov. 25, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-21378
SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php.... Read more
Affected Products : seacms- Published: Dec. 21, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2011-5327
In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption.... Read more
Affected Products : linux_kernel- Published: Jul. 27, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-21216
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more
Affected Products : weblogic_server- Published: Oct. 15, 2024
- Modified: Oct. 18, 2024