Latest CVE Feed
-
9.8
CRITICALCVE-2024-25117
php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external refe... Read more
- Published: Feb. 21, 2024
- Modified: Feb. 05, 2025
-
9.8
CRITICALCVE-2021-21692
FilePath#renameTo and FilePath#moveAllChildrenTo in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier only check 'read' agent-to-controller access permission on the source path, instead of 'delete'.... Read more
Affected Products : jenkins- EPSS Score: %1.01
- Published: Nov. 04, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-7584
In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the php_stream_url_wrap_http_ex function in ext/standard/http_fopen_wrapper.c. This subse... Read more
- EPSS Score: %70.84
- Published: Mar. 01, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-34423
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for... Read more
- EPSS Score: %1.60
- Published: Nov. 24, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-21587
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network ... Read more
- Actively Exploited
- EPSS Score: %94.39
- Published: Oct. 18, 2022
- Modified: Mar. 12, 2025
-
9.8
CRITICALCVE-2021-34813
Matrix libolm before 3.2.3 allows a malicious Matrix homeserver to crash a client (while it is attempting to retrieve an Olm encrypted room key backup from the homeserver) because olm_pk_decrypt has a stack-based buffer overflow. Remote code execution mig... Read more
Affected Products : olm- EPSS Score: %4.46
- Published: Jun. 16, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-9355
danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled.... Read more
- EPSS Score: %0.53
- Published: Feb. 23, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-12026
During the spawning of a malicious Passenger-managed application, SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows such applications to replace key files or directories in the spawning communication directory with symlinks. This then could resul... Read more
- EPSS Score: %1.18
- Published: Jun. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-3783
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a heap corruption vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more
- EPSS Score: %24.98
- Published: Mar. 25, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-12422
addressbook/backends/ldap/e-book-backend-ldap.c in Evolution-Data-Server in GNOME Evolution through 3.29.2 might allow attackers to trigger a Buffer Overflow via a long query that is processed by the strcat function. NOTE: the software maintainer disputes... Read more
Affected Products : evolution- EPSS Score: %0.54
- Published: Jun. 15, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-32863
A memory corruption issue was addressed with improved state management. This issue is fixed in Safari 15.6, macOS Monterey 12.5. Processing maliciously crafted web content may lead to arbitrary code execution.... Read more
- EPSS Score: %0.45
- Published: Sep. 20, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-3318
Multiple vulnerabilities in Cisco Firepower Management Center (FMC) Software and Cisco Firepower User Agent Software could allow an attacker to access a sensitive part of an affected system with a high-privileged account. For more information about these ... Read more
- EPSS Score: %0.41
- Published: May. 06, 2020
- Modified: Nov. 26, 2024
-
9.8
CRITICALCVE-2022-34821
A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2), SCALANCE M804PB (6GK5804-0AP00-2AA2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2), SCALANCE M812-1 ADSL-Router... Read more
Affected Products : scalance_s615_firmware simatic_cp_1242-7_v2_firmware simatic_cp_1243-1_firmware simatic_cp_1243-7_lte_eu_firmware simatic_cp_1243-7_lte_us_firmware simatic_cp_1243-8_irc_firmware simatic_cp_1542sp-1_irc_firmware simatic_cp_1543sp-1_firmware siplus_et_200sp_cp_1542sp-1_irc_tx_rail_firmware siplus_et_200sp_cp_1543sp-1_isec_firmware +50 more products- EPSS Score: %0.50
- Published: Jul. 12, 2022
- Modified: Jan. 14, 2025
-
9.8
CRITICALCVE-2017-15118
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write... Read more
- EPSS Score: %2.31
- Published: Jul. 27, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-8025
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful e... Read more
- EPSS Score: %5.18
- Published: Aug. 20, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-8597
eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions.... Read more
Affected Products : ubuntu_linux debian_linux ruggedcom_rm1224_firmware point-to-point_protocol pfc_firmware pfc100 pfc200- EPSS Score: %67.51
- Published: Feb. 03, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-1010022
GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may bypass stack guard protection. The component is: nptl. The attack vector is: Exploit stack buffer overflow vulnerability and use this bypass vulnerability to bypass stack guar... Read more
Affected Products : glibc- EPSS Score: %0.14
- Published: Jul. 15, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1361
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode that are running Cisco NX-OS Software could allow an unauthenticated, remote at... Read more
Affected Products : nx-os nexus_3000 nexus_3100 nexus_3100-z nexus_3100v nexus_3200 nexus_3400 nexus_3500 nexus_3600 nexus_9000v +39 more products- EPSS Score: %0.29
- Published: Feb. 24, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1871
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code executio... Read more
- Actively Exploited
- EPSS Score: %0.61
- Published: Apr. 02, 2021
- Modified: Feb. 28, 2025
-
9.8
CRITICALCVE-2023-20078
Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilit... Read more
- EPSS Score: %10.82
- Published: Mar. 03, 2023
- Modified: Nov. 21, 2024