Latest CVE Feed
-
9.8 CRITICAL
CVE-2023-40400
This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution....
- EPSS Score: 1.68%
- Published: Sep. 27, 2023
- Modified: May. 05, 2025
-
9.8 CRITICAL
CVE-2023-40889
A heap-based buffer overflow exists in the qr_reader_match_centers function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the ...
- Affected Products: zbar
- EPSS Score: 0.62%
- Published: Aug. 29, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-21692
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability...
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products
- EPSS Score: 32.58%
- Published: Feb. 14, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-21690
Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability...
- Affected Products: windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_10_22h2 windows_server_2022 +6 more products
- EPSS Score: 22.73%
- Published: Feb. 14, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-22767
A CWE-20: Improper Input Validation vulnerability exists in PowerLogic EGX100 (Versions 3.0.0 and newer) and PowerLogic EGX300 (All Versions) that could cause denial of service or remote code execution via a specially crafted HTTP packet. This CVE ID is un...
- Affected Products: powerlogic_egx100_firmware powerlogic_egx300_firmware powerlogic_egx100 powerlogic_egx300
- EPSS Score: 0.59%
- Published: Jun. 11, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2017-7785
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55....
- EPSS Score: 10.90%
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2017-7828
A use-after-free vulnerability can occur when flushing and resizing layout because the "PressShell" object has been freed while still in use. This results in a potentially exploitable crash during these operations. This vulnerability affects Firefox < 57,...
- EPSS Score: 34.67%
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-23369
The package handlebars before 4.7.7 is vulnerable to Remote Code Execution (RCE) when selecting certain compiling options to compile templates coming from an untrusted source....
- Affected Products: handlebars
- EPSS Score: 4.04%
- Published: Apr. 12, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-26463
strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes within the same function. There is initially incorrect access control, later followed by an expired pointer dereferenc...
- EPSS Score: 17.49%
- Published: Apr. 15, 2023
- Modified: Feb. 07, 2025
-
9.8 CRITICAL
CVE-2023-2262
A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a thr...
- Affected Products: 1756-en2t_series_a_firmware 1756-en2t_series_b_firmware 1756-en2t_series_c_firmware 1756-en2t_series_d_firmware 1756-en2tk_series_a_firmware 1756-en2tk_series_b_firmware 1756-en2tk_series_c_firmware 1756-en2txt_series_a_firmware 1756-en2txt_series_b_firmware 1756-en2txt_series_c_firmware +56 more products
- EPSS Score: 4.48%
- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2022-3520
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765....
- Affected Products: vim
- EPSS Score: 0.07%
- Published: Dec. 02, 2022
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-2382
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Security). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthen...
- Affected Products: weblogic_server
- EPSS Score: 2.32%
- Published: Jul. 21, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2022-1253
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release....
- Affected Products: libde265
- EPSS Score: 0.54%
- Published: Apr. 06, 2022
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2022-35728
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may rem...
- Affected Products: big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +2 more products
- EPSS Score: 0.68%
- Published: Aug. 04, 2022
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2021-24077
Windows Fax Service Remote Code Execution Vulnerability...
- Affected Products: windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products
- EPSS Score: 1.85%
- Published: Feb. 25, 2021
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-28333
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS)....
- EPSS Score: 0.69%
- Published: Mar. 23, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-26035
ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Versions prior to 1.36.33 and 1.37.33 are vulnerable to Unauthenticated Remote Code Execution via Missing Authorization. ...
- Affected Products: zoneminder
- EPSS Score: 49.10%
- Published: Feb. 25, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2020-28037
is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of se...
- EPSS Score: 12.80%
- Published: Nov. 02, 2020
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2020-15801
In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. The <executable-name>._pth file (e.g., the python._pth file) is not affected....
- EPSS Score: 0.60%
- Published: Jul. 17, 2020
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2017-8287
FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a heap-based buffer overflow related to the t1_builder_close_contour function in psaux/psobjs.c....
- Affected Products: freetype
- EPSS Score: 0.87%
- Published: Apr. 27, 2017
- Modified: Apr. 20, 2025