Latest CVE Feed
-
9.8
CRITICALCVE-2023-21690
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +6 more products- EPSS Score: %22.73
- Published: Feb. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-22767
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet.This CVE ID is un... Read more
Affected Products : powerlogic_egx100_firmware powerlogic_egx300_firmware powerlogic_egx100 powerlogic_egx300- EPSS Score: %0.59
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7785
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.... Read more
- EPSS Score: %10.90
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-7828
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57,... Read more
- EPSS Score: %34.67
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-23369
The package handlebars before 4.7.7 are vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source.... Read more
Affected Products : handlebars- EPSS Score: %4.04
- Published: Apr. 12, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-26463
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereferenc... Read more
- EPSS Score: %17.49
- Published: Apr. 15, 2023
- Modified: Feb. 07, 2025
-
9.8
CRITICALCVE-2023-2262
A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a thr... Read more
Affected Products : 1756-en2t_series_a_firmware 1756-en2t_series_b_firmware 1756-en2t_series_c_firmware 1756-en2t_series_d_firmware 1756-en2tk_series_a_firmware 1756-en2tk_series_b_firmware 1756-en2tk_series_c_firmware 1756-en2txt_series_a_firmware 1756-en2txt_series_b_firmware 1756-en2txt_series_c_firmware +56 more products- EPSS Score: %4.48
- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-3520
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765.... Read more
Affected Products : vim- EPSS Score: %0.07
- Published: Dec. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-2382
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthen... Read more
Affected Products : weblogic_server- EPSS Score: %2.32
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-1253
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.... Read more
Affected Products : libde265- EPSS Score: %0.54
- Published: Apr. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-35728
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may rem... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +2 more products- EPSS Score: %0.68
- Published: Aug. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-24077
Windows Fax Service Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products- EPSS Score: %1.85
- Published: Feb. 25, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-28333
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).... Read more
- EPSS Score: %0.69
- Published: Mar. 23, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-26035
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. ... Read more
Affected Products : zoneminder- EPSS Score: %49.10
- Published: Feb. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-28037
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of se... Read more
- EPSS Score: %12.80
- Published: Nov. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-15801
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected.... Read more
- EPSS Score: %0.60
- Published: Jul. 17, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-8287
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c.... Read more
Affected Products : freetype- EPSS Score: %0.87
- Published: Apr. 27, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2023-5730
Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnera... Read more
- EPSS Score: %0.38
- Published: Oct. 25, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-36947
Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow.... Read more
- EPSS Score: %0.80
- Published: Aug. 18, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-37886
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successfu... Read more
- EPSS Score: %1.30
- Published: Oct. 07, 2022
- Modified: Nov. 21, 2024