Latest CVE Feed
- 9.8 CRITICAL CVE-2022-29806
  ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
  - Affected Products: zoneminder
  - EPSS Score: 87.24%
  - Published: Apr. 26, 2022
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-43215
  iSNS Server Memory Corruption Vulnerability Can Lead to Remote Code Execution...
  - Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +12 more products
  - EPSS Score: 1.70%
  - Published: Dec. 15, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-20016
  A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access username password and other session related information. This vulnerability impacts SMA100 build version 10.x.
  - Affected Products: sma_210_firmware sma_410_firmware sma_100_firmware sma_200_firmware sma_400_firmware sma_500v sma_210 sma_410 sma_200 sma_400 +1 more products
  - Actively Exploited
  - EPSS Score: 80.44%
  - Published: Feb. 04, 2021
  - Modified: Mar. 14, 2025
- 9.8 CRITICAL CVE-2021-45956
  Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge....
  - Affected Products: dnsmasq
  - EPSS Score: 0.05%
  - Published: Jan. 01, 2022
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2020-1955
  CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long standing setting `require_valid_user`, which in tu...
  - Affected Products: couchdb
  - EPSS Score: 2.10%
  - Published: May. 20, 2020
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-35405
  Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also affects ManageEngine Access Manager Plus before 4303 with authentication.)
  - Affected Products: manageengine_password_manager_pro manageengine_pam360 manageengine_access_manager_plus
  - Actively Exploited
  - EPSS Score: 94.42%
  - Published: Jul. 19, 2022
  - Modified: Mar. 27, 2025
- 9.8 CRITICAL CVE-2023-28250
  Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability...
  - Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products
  - EPSS Score: 5.62%
  - Published: Apr. 11, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-34152
  A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured.
  - EPSS Score: 74.52%
  - Published: May. 30, 2023
  - Modified: Jan. 13, 2025
- 9.8 CRITICAL CVE-2023-36028
  Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability...
  - Affected Products: windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 windows_11_22h2 windows_10_1507 +4 more products
  - EPSS Score: 0.54%
  - Published: Nov. 14, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2022-46291
  Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An at...
  - Affected Products: open_babel
  - EPSS Score: 0.13%
  - Published: Jul. 21, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2018-20020
  LibVNC before commit 7b1ef0ffc4815cab9a96c7278394152bdc89dc4d contains heap out-of-bound write vulnerability inside structure in VNC client code that can result remote code execution...
  - EPSS Score: 16.83%
  - Published: Dec. 19, 2018
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-37285
  An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.
  - EPSS Score: 0.39%
  - Published: Jul. 28, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-43082
  Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite memory. This issue affects Apache Traffic Server 9.1.0.
  - Affected Products: traffic_server
  - EPSS Score: 1.25%
  - Published: Nov. 03, 2021
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-3824
  In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or R...
  - EPSS Score: 28.78%
  - Published: Aug. 11, 2023
  - Modified: Feb. 13, 2025
- 9.8 CRITICAL CVE-2019-5482
  Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
  - Affected Products: fedora debian_linux leap curl cloud_backup oncommand_insight oncommand_unified_manager oncommand_workflow_automation snapcenter steelstore_cloud_integrated_storage +7 more products
  - EPSS Score: 10.79%
  - Published: Sep. 16, 2019
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-40400
  This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution.
  - EPSS Score: 1.68%
  - Published: Sep. 27, 2023
  - Modified: May. 05, 2025
- 9.8 CRITICAL CVE-2023-40889
  A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the ...
  - Affected Products: zbar
  - EPSS Score: 0.62%
  - Published: Aug. 29, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-21692
  Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability...
  - Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products
  - EPSS Score: 32.58%
  - Published: Feb. 14, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2023-21690
  Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability...
  - Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +6 more products
  - EPSS Score: 22.73%
  - Published: Feb. 14, 2023
  - Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2021-22767
  A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is un...
  - Affected Products: powerlogic_egx100_firmware powerlogic_egx300_firmware powerlogic_egx100 powerlogic_egx300
  - EPSS Score: 0.59%
  - Published: Jun. 11, 2021
  - Modified: Nov. 21, 2024