Latest CVE Feed
-
9.8
CRITICALCVE-2017-7546
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.... Read more
- EPSS Score: %33.20
- Published: Aug. 16, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2023-40267
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.... Read more
Affected Products : gitpython- EPSS Score: %0.25
- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-21708
Remote Procedure Call Runtime Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- EPSS Score: %4.72
- Published: Mar. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-3141
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggerin... Read more
- EPSS Score: %40.68
- Published: Mar. 31, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2017-7824
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vul... Read more
- EPSS Score: %15.37
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7751
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.... Read more
- EPSS Score: %3.55
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-15254
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not... Read more
Affected Products : crossbeam- EPSS Score: %0.51
- Published: Oct. 16, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-27125
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacke... Read more
Affected Products : security_manager- EPSS Score: %1.12
- Published: Nov. 17, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-23513
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.... Read more
Affected Products : macos- EPSS Score: %0.25
- Published: Feb. 27, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-28201
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary ... Read more
- EPSS Score: %3.98
- Published: May. 08, 2023
- Modified: Jan. 29, 2025
-
9.8
CRITICALCVE-2023-22779
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Succes... Read more
- EPSS Score: %0.88
- Published: May. 08, 2023
- Modified: Jan. 29, 2025
-
9.8
CRITICALCVE-2023-6395
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansi... Read more
- EPSS Score: %0.41
- Published: Jan. 16, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-37434
zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source... Read more
Affected Products : fedora debian_linux active_iq_unified_manager ontap_select_deploy_administration_utility macos oncommand_workflow_automation h300s_firmware h500s_firmware h700s_firmware iphone_os +12 more products- EPSS Score: %92.68
- Published: Aug. 05, 2022
- Modified: May. 30, 2025
-
9.8
CRITICALCVE-2022-37454
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interfac... Read more
- EPSS Score: %1.80
- Published: Oct. 21, 2022
- Modified: May. 08, 2025
-
9.8
CRITICALCVE-2024-42256
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix server re-repick on subrequest retry When a subrequest is marked for needing retry, netfs will call cifs_prepare_write() which will make cifs repick the server for the op befo... Read more
Affected Products : linux_kernel- Published: Aug. 08, 2024
- Modified: Sep. 06, 2024
-
9.8
CRITICALCVE-2024-4323
A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.... Read more
Affected Products : fluent_bit- Published: May. 20, 2024
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2020-17353
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.... Read more
- EPSS Score: %1.26
- Published: Aug. 05, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-23313
An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code... Read more
- Published: Feb. 20, 2024
- Modified: Aug. 10, 2025
-
9.8
CRITICALCVE-2024-4577
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to W... Read more
- Actively Exploited
- Published: Jun. 09, 2024
- Modified: Mar. 28, 2025
-
9.8
CRITICALCVE-2021-26120
Smarty before 3.1.39 allows code injection via an unexpected function name after a {function name= substring.... Read more
- EPSS Score: %78.84
- Published: Feb. 22, 2021
- Modified: Nov. 21, 2024