Latest CVE Feed
-
9.8
CRITICALCVE-2018-11307
An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.... Read more
- EPSS Score: %12.64
- Published: Jul. 09, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-31685
VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.... Read more
Affected Products : workspace_one_assist- EPSS Score: %0.06
- Published: Nov. 09, 2022
- Modified: May. 01, 2025
-
9.8
CRITICALCVE-2018-10931
It was found that cobbler 2.6.x exposed all functions from its CobblerXMLRPCInterface class over XMLRPC. A remote, unauthenticated attacker could use this flaw to gain high privileges within cobbler, upload files to arbitrary location in the context of th... Read more
- EPSS Score: %67.78
- Published: Aug. 09, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-27510
Unauthorized access to Gateway user capabilities ... Read more
Affected Products : gateway application_delivery_controller_firmware application_delivery_controller- EPSS Score: %0.59
- Published: Nov. 08, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7791
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to overwrite the original password with ... Read more
- EPSS Score: %0.34
- Published: Aug. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-8013
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calli... Read more
- EPSS Score: %0.98
- Published: May. 24, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-3148
An issue was discovered in SaltStack Salt before 3002.5. Sending crafted web requests to the Salt API can result in salt.utils.thin.gen_thin() command injection because of different handling of single versus double quotes. This is related to salt/utils/th... Read more
- EPSS Score: %9.36
- Published: Feb. 27, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-29999
An issue was discovered in Wind River VxWorks through 6.8. There is a possible stack overflow in dhcp server.... Read more
Affected Products : vxworks- EPSS Score: %0.39
- Published: Apr. 13, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-9546
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).... Read more
- EPSS Score: %2.33
- Published: Mar. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-14204
An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.... Read more
Affected Products : u-boot- EPSS Score: %0.46
- Published: Jul. 31, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-30315
Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0053, there is a Honeywell Experion PKS Safety Manager insufficient logic security controls issue. The affecte... Read more
- EPSS Score: %1.44
- Published: Jul. 28, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-3785
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more
- EPSS Score: %10.06
- Published: Mar. 25, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-3789
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more
- EPSS Score: %10.06
- Published: Mar. 25, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-32511
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.... Read more
- EPSS Score: %1.10
- Published: Jun. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-2119
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution.... Read more
Affected Products : dcmtk- EPSS Score: %2.94
- Published: Jun. 24, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-12378
A use-after-free vulnerability can occur when an IndexedDB index is deleted while still in use by JavaScript code that is providing payload values to be stored. This results in a potentially exploitable crash. This vulnerability affects Firefox < 62, Fire... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +1 more products- EPSS Score: %2.71
- Published: Oct. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-12405
Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run ar... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +1 more products- EPSS Score: %2.78
- Published: Feb. 28, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-44000
Insufficiently Protected Credentials vulnerability in LiteSpeed Technologies LiteSpeed Cache allows Authentication Bypass.This issue affects LiteSpeed Cache: from n/a before 6.5.0.1.... Read more
Affected Products : litespeed_cache- Published: Oct. 20, 2024
- Modified: Oct. 23, 2024
-
9.8
CRITICALCVE-2023-49569
A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are ... Read more
Affected Products : go-git- EPSS Score: %4.03
- Published: Jan. 12, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-44324
Adobe FrameMaker Publishing Server versions 2022 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An unauthenticated attacker can abuse this vulnerability to access the API and leak defau... Read more
- EPSS Score: %0.29
- Published: Nov. 17, 2023
- Modified: Nov. 21, 2024