Latest CVE Feed
-
9.8
CRITICALCVE-2022-45315
Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.... Read more
Affected Products : routeros- EPSS Score: %0.70
- Published: Dec. 05, 2022
- Modified: Apr. 24, 2025
-
9.8
CRITICALCVE-2022-41794
A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability... Read more
- EPSS Score: %0.36
- Published: Dec. 22, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-41853
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpat... Read more
- EPSS Score: %70.78
- Published: Oct. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-42756
Multiple stack-based buffer overflow vulnerabilities [CWE-121] in the proxy daemon of FortiWeb 5.x all versions, 6.0.7 and below, 6.1.2 and below, 6.2.6 and below, 6.3.16 and below, 6.4 all versions may allow an unauthenticated remote attacker to achieve ... Read more
Affected Products : fortiweb- EPSS Score: %82.16
- Published: Feb. 16, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-9013
Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before 1.10.3 use a hardcoded password for a temporary database user created when running tests with an Oracle database, which makes it easier for remote attackers to obtain access to the databas... Read more
- EPSS Score: %2.72
- Published: Dec. 09, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2021-21994
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.... Read more
- EPSS Score: %0.10
- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-46280
A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file t... Read more
Affected Products : open_babel- EPSS Score: %0.34
- Published: Jul. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-46353
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA... Read more
- EPSS Score: %1.40
- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
9.8
CRITICALCVE-2022-34470
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.... Read more
- EPSS Score: %0.15
- Published: Dec. 22, 2022
- Modified: Apr. 15, 2025
-
9.8
CRITICALCVE-2023-37460
Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary fi... Read more
Affected Products : plexus-archiver- EPSS Score: %36.05
- Published: Jul. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-37920
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates ... Read more
- EPSS Score: %0.11
- Published: Jul. 25, 2023
- Modified: Feb. 13, 2025
-
9.8
CRITICALCVE-2023-1708
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim mach... Read more
Affected Products : gitlab- EPSS Score: %6.08
- Published: Apr. 05, 2023
- Modified: Feb. 10, 2025
-
9.8
CRITICALCVE-2023-20162
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affe... Read more
Affected Products : sf300-08_firmware sf302-08_firmware sf302-08pp_firmware sf302-08mpp_firmware sf300-24_firmware sf300-24p_firmware sf300-24pp_firmware sf300-24mp_firmware sf300-48_firmware sf300-48p_firmware +452 more products- EPSS Score: %0.30
- Published: May. 18, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7546
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.... Read more
- EPSS Score: %33.20
- Published: Aug. 16, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2023-40267
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.... Read more
Affected Products : gitpython- EPSS Score: %0.34
- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-21708
Remote Procedure Call Runtime Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- EPSS Score: %4.72
- Published: Mar. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-3141
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggerin... Read more
- EPSS Score: %40.68
- Published: Mar. 31, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2017-7824
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vul... Read more
- EPSS Score: %15.37
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7751
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.... Read more
- EPSS Score: %1.97
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-15254
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not... Read more
Affected Products : crossbeam- EPSS Score: %0.51
- Published: Oct. 16, 2020
- Modified: Nov. 21, 2024