Latest CVE Feed
-
9.8
CRITICALCVE-2021-24094
Windows TCP/IP Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +10 more products- EPSS Score: %14.02
- Published: Feb. 25, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-44026
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params.... Read more
- Actively Exploited
- EPSS Score: %68.13
- Published: Nov. 19, 2021
- Modified: Mar. 14, 2025
-
9.8
CRITICALCVE-2019-19333
In all versions of libyang before 1.0-r5, a stack-based buffer overflow was discovered in the way libyang parses YANG files with a leaf of type "bits". An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which wo... Read more
- EPSS Score: %0.82
- Published: Dec. 06, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-20231
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.... Read more
Affected Products : enterprise_linux fedora active_iq_unified_manager gnutls e-series_performance_analyzer- EPSS Score: %0.92
- Published: Mar. 12, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-28802
A command injection vulnerabilities have been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. This issue affects: QNAP Systems Inc. QTS versions prior to 4... Read more
- EPSS Score: %1.06
- Published: Jul. 01, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-4105
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "APFS" component. It allows attackers to trigger truncation of an APFS volume password via an unspecified injection.... Read more
- EPSS Score: %1.89
- Published: Apr. 03, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-31921
Istio before 1.8.6 and 1.9.x before 1.9.5 contains a remotely exploitable vulnerability where an external client can access unexpected services in the cluster, bypassing authorization checks, when a gateway is configured with AUTO_PASSTHROUGH routing conf... Read more
Affected Products : istio- EPSS Score: %0.21
- Published: Jun. 02, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1506
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain una... Read more
- EPSS Score: %1.12
- Published: May. 06, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-10071
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.... Read more
- EPSS Score: %0.28
- Published: Feb. 27, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23478
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known work... Read more
- EPSS Score: %0.16
- Published: Dec. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23218
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a ... Read more
- EPSS Score: %0.40
- Published: Jan. 14, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2018-5156
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thun... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +1 more products- EPSS Score: %2.67
- Published: Oct. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-25236
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.... Read more
Affected Products : zfs_storage_appliance_kit debian_linux http_server sinema_remote_connect_server libexpat- EPSS Score: %9.36
- Published: Feb. 16, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2021-33046
Some Dahua products have access control vulnerability in the password reset process. Attackers can exploit this vulnerability through specific deployments to reset device passwords.... Read more
Affected Products : sd6al_firmware sd50_firmware sd52c_firmware ipc-hx2xxx_firmware ipc-hx3xxx_firmware ipc-hx5xxx_firmware sd1a1_firmware sd22_firmware tpc-bf1241_firmware tpc-bf2221_firmware +46 more products- EPSS Score: %0.59
- Published: Jan. 13, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-14353
An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.... Read more
- EPSS Score: %4.42
- Published: Jul. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-29164
HDF5 through 1.14.3 contains a stack buffer overflow in H5R__decode_heap, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution.... Read more
Affected Products : hdf5- Published: May. 14, 2024
- Modified: Apr. 18, 2025
-
9.8
CRITICALCVE-2018-5506
In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client c... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager +3 more products- EPSS Score: %0.20
- Published: Apr. 13, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5485
The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().... Read more
Affected Products : tcpdump- EPSS Score: %0.93
- Published: Jan. 28, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2022-28209
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.... Read more
Affected Products : mediawiki- EPSS Score: %0.36
- Published: Mar. 30, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-3463
Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the execution of arbitrary shell commands.... Read more
- EPSS Score: %8.56
- Published: Feb. 06, 2019
- Modified: Nov. 21, 2024