Latest CVE Feed
-
9.8
CRITICALCVE-2020-10148
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands. This vulnerability could allow a remote attacker to bypass authentication and execute API commands which may result in a comprom... Read more
Affected Products : orion_platform- Actively Exploited
- Published: Dec. 29, 2020
- Modified: Mar. 17, 2025
-
9.8
CRITICALCVE-2024-23809
A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a mal... Read more
- Published: Feb. 20, 2024
- Modified: Aug. 10, 2025
-
9.8
CRITICALCVE-2024-11739
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Case Informatics Case ERP allows SQL Injection.This issue affects Case ERP: before V2.0.1.... Read more
Affected Products :- Published: Jun. 27, 2025
- Modified: Jun. 30, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2022-34722
Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +11 more products- Published: Sep. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-14350
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.... Read more
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-10683
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any applic... Read more
- Published: May. 01, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-11058
RSA BSAFE Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) and prior to 4.1.6 (in 4.1.x), and RSA BSAFE Crypto-C Micro Edition, version prior to 4.0.5.3 (in 4.0.x) contain a Buffer Over-Read vulnerability when parsing ASN.1 data. A remote attacker... Read more
- Published: Sep. 14, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7053
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order.... Read more
- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2010-0840
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE:... Read more
- Actively Exploited
- Published: Apr. 01, 2010
- Modified: Apr. 11, 2025
-
9.8
CRITICALCVE-2024-38077
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability... Read more
- Published: Jul. 09, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-11698
A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions li... Read more
- Published: Nov. 26, 2024
- Modified: Jun. 24, 2025
-
9.8
CRITICALCVE-2018-7263
The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may... Read more
Affected Products : libmad- Published: Feb. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-20067
In modem, there is a possible out of bounds write due to improper input invalidation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01267285; Issu... Read more
- Published: Jun. 03, 2024
- Modified: Apr. 25, 2025
-
9.8
CRITICALCVE-2023-36911
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- Published: Aug. 08, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-11646
A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to sql ... Read more
Affected Products : beauty_parlour_management_system- Published: Nov. 25, 2024
- Modified: Nov. 25, 2024
-
9.8
CRITICALCVE-2024-11635
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server.... Read more
Affected Products : wordpress_file_upload- Published: Jan. 08, 2025
- Modified: Mar. 13, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2024-11631
A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /expedit.php. The manipulation of the argument expcat leads to sql injection. The attack may be in... Read more
Affected Products : tailoring_management_system- Published: Nov. 23, 2024
- Modified: Nov. 25, 2024
-
9.8
CRITICALCVE-2015-1276
Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by l... Read more
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2018-7809
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server.... Read more
- Published: Nov. 30, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-11592
A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagetitle leads to sql injection. Th... Read more
Affected Products : beauty_parlour_management_system- Published: Nov. 21, 2024
- Modified: Dec. 10, 2024