Latest CVE Feed
- 9.8 CRITICAL CVE-2017-12183
  xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code.
  - EPSS Score: 0.95%
  - Published: Jan. 24, 2018
  - Modified: Aug. 29, 2025
- 9.8 CRITICAL CVE-2015-6941
  win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.
  - EPSS Score: 0.41%
  - Published: Aug. 09, 2017
  - Modified: Apr. 20, 2025
- 9.8 CRITICAL CVE-2018-16402
  libelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.
  - EPSS Score: 1.09%
  - Published: Sep. 03, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2020-15588
  An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow ...
  - Affected Products: manageengine_desktop_central
  - EPSS Score: 5.98%
  - Published: Jul. 29, 2020
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-31748
  Mozilla developers Gabriele Svelto, Timothy Nikkel, Randell Jesup, Jon Coppeard, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 100. Some of these bugs showed evidence of memory corruption and we presume that with enough effor...
  - Affected Products: firefox
  - EPSS Score: 0.30%
  - Published: Dec. 22, 2022
  - Modified: Apr. 15, 2025
- 9.8 CRITICAL CVE-2022-45140
  The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise.
  - EPSS Score: 1.44%
  - Published: Feb. 27, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2015-7871
  Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allow remote attackers to bypass authentication.
  - EPSS Score: 76.65%
  - Published: Aug. 07, 2017
  - Modified: Apr. 20, 2025
- 9.8 CRITICAL CVE-2020-15800
  A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPL...
  - Affected Products: scalance_x202-2irt_firmware scalance_x204irt_firmware scalance_xf201-3p_irt_firmware scalance_xf202-2p_irt_firmware scalance_xf204-2ba_irt_firmware scalance_xf204irt_firmware scalance_xf204_firmware scalance_xf204-2_firmware scalance_xf206-1_firmware scalance_xf208_firmware +122 more products
  - EPSS Score: 0.84%
  - Published: Jan. 12, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2015-8261
  The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.
  - EPSS Score: 4.36%
  - Published: Jan. 08, 2016
  - Modified: Apr. 12, 2025
- 9.8 CRITICAL CVE-2022-35583
  wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on its source. This allows the attacker to take over the whole infrastructure by accessi...
  - Affected Products: wkhtmltopdf
  - EPSS Score: 65.66%
  - Published: Aug. 22, 2022
  - Modified: Mar. 18, 2025
- 9.8 CRITICAL CVE-2018-1000060
  Sensu, Inc. Sensu Core version before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redact_sensitive() that can result in sensitive configuration data (e.g. passwords) may be logged in ...
  - Affected Products: sensu_core
  - EPSS Score: 0.45%
  - Published: Feb. 09, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2015-1817
  Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors.
  - Affected Products: musl
  - EPSS Score: 0.45%
  - Published: Aug. 18, 2017
  - Modified: Apr. 20, 2025
- 9.8 CRITICAL CVE-2017-17833
  OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
  - EPSS Score: 1.18%
  - Published: Apr. 23, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-48084
  Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool.
  - Affected Products: nagios_xi
  - EPSS Score: 86.82%
  - Published: Dec. 14, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2017-13040
  The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in print-mptcp.c, several functions.
  - Affected Products: tcpdump
  - EPSS Score: 1.84%
  - Published: Sep. 14, 2017
  - Modified: Apr. 20, 2025
- 9.8 CRITICAL CVE-2022-2526
  A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other func...
  - Affected Products: active_iq_unified_manager h300s_firmware h500s_firmware h700s_firmware h410s_firmware systemd h300s h410s h500s h700s
  - EPSS Score: 0.19%
  - Published: Sep. 09, 2022
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2020-9502
  Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device.
  - Affected Products: sd6al_firmware sd5a_firmware sd1a_firmware ptz1a_firmware sd50_firmware sd52c_firmware ipc-hx5842h_firmware ipc-hx7842h_firmware ipc-hx2xxx_firmware ipc-hxxx5x4x_firmware +30 more products
  - EPSS Score: 0.52%
  - Published: May 13, 2020
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2016-10327
  LibreOffice before 2016-12-22 has an out-of-bounds write caused by a heap-based buffer overflow related to the EnhWMFReader::ReadEnhWMF function in vcl/source/filter/wmf/enhwmf.cxx.
  - Affected Products: libreoffice
  - EPSS Score: 0.61%
  - Published: Apr. 14, 2017
  - Modified: Apr. 20, 2025
- 9.8 CRITICAL CVE-2021-32089
  An issue was discovered on Zebra (formerly Motorola Solutions) Fixed RFID Reader FX9500 devices. An unauthenticated attacker can upload arbitrary files to the filesystem that can then be accessed through the web interface. This can lead to information dis...
  - EPSS Score: 1.64%
  - Published: May 11, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2011-4889
  The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration using T...
  - Affected Products: websphere_application_server
  - EPSS Score: 0.81%
  - Published: Feb. 08, 2018
  - Modified: Nov. 21, 2024