Latest CVE Feed
-
9.8
CRITICALCVE-2021-21994
SFCB (Small Footprint CIM Broker) as used in ESXi has an authentication bypass vulnerability. A malicious actor with network access to port 5989 on ESXi may exploit this issue to bypass SFCB authentication by sending a specially crafted request.... Read more
- EPSS Score: %0.11
- Published: Jul. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-46280
A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file t... Read more
Affected Products : open_babel- EPSS Score: %0.34
- Published: Jul. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-46353
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA... Read more
- EPSS Score: %1.40
- Published: Dec. 13, 2022
- Modified: Apr. 22, 2025
-
9.8
CRITICALCVE-2022-34470
Session history navigations may have led to a use-after-free and potentially exploitable crash. This vulnerability affects Firefox < 102, Firefox ESR < 91.11, Thunderbird < 102, and Thunderbird < 91.11.... Read more
- EPSS Score: %0.15
- Published: Dec. 22, 2022
- Modified: Apr. 15, 2025
-
9.8
CRITICALCVE-2023-37460
Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary fi... Read more
Affected Products : plexus-archiver- EPSS Score: %36.05
- Published: Jul. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-37920
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates ... Read more
- EPSS Score: %0.11
- Published: Jul. 25, 2023
- Modified: Feb. 13, 2025
-
9.8
CRITICALCVE-2023-1708
An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard, allowing unexpected commands to be executed on victim mach... Read more
Affected Products : gitlab- EPSS Score: %6.08
- Published: Apr. 05, 2023
- Modified: Feb. 10, 2025
-
9.8
CRITICALCVE-2023-20162
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affe... Read more
Affected Products : sf300-08_firmware sf302-08_firmware sf302-08pp_firmware sf302-08mpp_firmware sf300-24_firmware sf300-24p_firmware sf300-24pp_firmware sf300-24mp_firmware sf300-48_firmware sf300-48p_firmware +452 more products- EPSS Score: %0.30
- Published: May. 18, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7546
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allowing remote attackers to gain access to database accounts with an empty password.... Read more
- EPSS Score: %33.20
- Published: Aug. 16, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2023-40267
GitPython before 3.1.32 does not block insecure non-multi options in clone and clone_from. NOTE: this issue exists because of an incomplete fix for CVE-2022-24439.... Read more
Affected Products : gitpython- EPSS Score: %0.25
- Published: Aug. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-21708
Remote Procedure Call Runtime Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- EPSS Score: %4.72
- Published: Mar. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-3141
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggerin... Read more
- EPSS Score: %40.68
- Published: Mar. 31, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2017-7824
A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vul... Read more
- EPSS Score: %15.37
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7751
A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2.... Read more
- EPSS Score: %3.55
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-15254
Crossbeam is a set of tools for concurrent programming. In crossbeam-channel before version 0.4.4, the bounded channel incorrectly assumes that `Vec::from_iter` has allocated capacity that same as the number of iterator elements. `Vec::from_iter` does not... Read more
Affected Products : crossbeam- EPSS Score: %0.51
- Published: Oct. 16, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-27125
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacke... Read more
Affected Products : security_manager- EPSS Score: %1.12
- Published: Nov. 17, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-23513
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.... Read more
Affected Products : macos- EPSS Score: %0.25
- Published: Feb. 27, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-28201
This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary ... Read more
- EPSS Score: %3.98
- Published: May. 08, 2023
- Modified: Jan. 29, 2025
-
9.8
CRITICALCVE-2023-22779
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Succes... Read more
- EPSS Score: %0.88
- Published: May. 08, 2023
- Modified: Jan. 29, 2025
-
9.8
CRITICALCVE-2023-6395
The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansi... Read more
- EPSS Score: %0.41
- Published: Jan. 16, 2024
- Modified: Nov. 21, 2024