Latest CVE Feed
-
9.8
CRITICALCVE-2022-36320
Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary cod... Read more
Affected Products : firefox- EPSS Score: %0.31
- Published: Dec. 22, 2022
- Modified: Apr. 15, 2025
-
9.8
CRITICALCVE-2023-27971
Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege.... Read more
Affected Products : laserjet_pro_m304-m305_w1a46a_firmware laserjet_pro_m304-m305_w1a47a_firmware laserjet_pro_m304-m305_w1a48a_firmware laserjet_pro_m304-m305_w1a66a_firmware laserjet_pro_m404-m405_93m22a_firmware laserjet_pro_m404-m405_w1a51a_firmware laserjet_pro_m404-m405_w1a52a_firmware laserjet_pro_m404-m405_w1a53a_firmware laserjet_pro_m404-m405_w1a56a_firmware laserjet_pro_m404-m405_w1a57a_firmware +66 more products- EPSS Score: %0.64
- Published: Apr. 28, 2023
- Modified: Jan. 30, 2025
-
9.8
CRITICALCVE-2022-45315
Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.... Read more
Affected Products : routeros- EPSS Score: %0.70
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
9.8
CRITICALCVE-2022-41794
A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability... Read more
- EPSS Score: %0.36
- Published: Dec. 22, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-41853
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpat... Read more
- EPSS Score: %70.78
- Published: Oct. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-42756
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve ... Read more
Affected Products : fortiweb- EPSS Score: %82.16
- Published: Feb. 16, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-9013
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the databas... Read more
- EPSS Score: %2.72
- Published: Dec. 09, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2021-21994
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.... Read more
- EPSS Score: %0.10
- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-46280
A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file t... Read more
Affected Products : open_babel- EPSS Score: %0.34
- Published: Jul. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-46353
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA... Read more
- EPSS Score: %1.40
- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
9.8
CRITICALCVE-2022-34470
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.... Read more
- EPSS Score: %0.15
- Published: Dec. 22, 2022
- Modified: Apr. 15, 2025
-
9.8
CRITICALCVE-2023-37460
Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary fi... Read more
Affected Products : plexus-archiver- EPSS Score: %36.05
- Published: Jul. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-37920
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates ... Read more
- EPSS Score: %0.11
- Published: Jul. 25, 2023
- Modified: Feb. 13, 2025
-
9.8
CRITICALCVE-2023-1708
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim mach... Read more
Affected Products : gitlab- EPSS Score: %6.08
- Published: Apr. 05, 2023
- Modified: Feb. 10, 2025
-
9.8
CRITICALCVE-2023-20162
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affe... Read more
Affected Products : sf300-08_firmware sf302-08_firmware sf302-08pp_firmware sf302-08mpp_firmware sf300-24_firmware sf300-24p_firmware sf300-24pp_firmware sf300-24mp_firmware sf300-48_firmware sf300-48p_firmware +452 more products- EPSS Score: %0.30
- Published: May. 18, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7546
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.... Read more
- EPSS Score: %33.20
- Published: Aug. 16, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2023-40267
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.... Read more
Affected Products : gitpython- EPSS Score: %0.34
- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-21708
Remote Procedure Call Runtime Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- EPSS Score: %4.72
- Published: Mar. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-3141
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggerin... Read more
- EPSS Score: %40.68
- Published: Mar. 31, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2017-7824
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vul... Read more
- EPSS Score: %15.37
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024