Latest CVE Feed
-
9.8
CRITICALCVE-2017-7785
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.... Read more
- EPSS Score: %10.90
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7828
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57,... Read more
- EPSS Score: %34.67
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-23369
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.... Read more
Affected Products : handlebars- EPSS Score: %4.04
- Published: Apr. 12, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-26463
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereferenc... Read more
- EPSS Score: %17.49
- Published: Apr. 15, 2023
- Modified: Feb. 07, 2025
-
9.8
CRITICALCVE-2023-2262
A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a thr... Read more
Affected Products : 1756-en2t_series_a_firmware 1756-en2t_series_b_firmware 1756-en2t_series_c_firmware 1756-en2t_series_d_firmware 1756-en2tk_series_a_firmware 1756-en2tk_series_b_firmware 1756-en2tk_series_c_firmware 1756-en2txt_series_a_firmware 1756-en2txt_series_b_firmware 1756-en2txt_series_c_firmware +56 more products- EPSS Score: %4.48
- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-3520
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.... Read more
Affected Products : vim- EPSS Score: %0.07
- Published: Dec. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-2382
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthen... Read more
Affected Products : weblogic_server- EPSS Score: %2.32
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-1253
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.... Read more
Affected Products : libde265- EPSS Score: %0.54
- Published: Apr. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-35728
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may rem... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +2 more products- EPSS Score: %0.68
- Published: Aug. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-24077
Windows Fax Service Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products- EPSS Score: %1.85
- Published: Feb. 25, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-28333
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).... Read more
- EPSS Score: %0.69
- Published: Mar. 23, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-26035
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. ... Read more
Affected Products : zoneminder- EPSS Score: %49.10
- Published: Feb. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-28037
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of se... Read more
- EPSS Score: %12.80
- Published: Nov. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-15801
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.... Read more
- EPSS Score: %0.60
- Published: Jul. 17, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-8287
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.... Read more
Affected Products : freetype- EPSS Score: %0.87
- Published: Apr. 27, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2023-5730
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera... Read more
- EPSS Score: %0.38
- Published: Oct. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-36947
Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow.... Read more
- EPSS Score: %0.80
- Published: Aug. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-37886
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successfu... Read more
- EPSS Score: %1.30
- Published: Oct. 07, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-20798
A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to by... Read more
- EPSS Score: %0.08
- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-5656
Improper access control vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digi... Read more
- EPSS Score: %0.75
- Published: Nov. 02, 2020
- Modified: Nov. 21, 2024