Latest CVE Feed
-
9.8
CRITICALCVE-2019-9800
Mozilla developers and community members reported memory safety bugs present in Firefox 66, Firefox ESR 60.6, and Thunderbird 60.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be ... Read more
- EPSS Score: %0.55
- Published: Jul. 23, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-8840
FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter.... Read more
- EPSS Score: %8.06
- Published: Feb. 10, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-1994
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network ac... Read more
- EPSS Score: %26.76
- Published: Jan. 20, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-44538
The olm_session_describe function in Matrix libolm before 3.2.7 is vulnerable to a buffer overflow. The Olm session object represents a cryptographic channel between two parties. Therefore, its state is partially controllable by the remote party of the ch... Read more
- EPSS Score: %1.42
- Published: Dec. 14, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-15389
A vulnerability in the install function of Cisco Prime Collaboration Provisioning (PCP) could allow an unauthenticated, remote attacker to access the administrative web interface using a default hard-coded username and password that are used during instal... Read more
- EPSS Score: %0.81
- Published: Oct. 05, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2016-10082
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() ... Read more
Affected Products : serendipity- EPSS Score: %1.53
- Published: Dec. 30, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2022-0080
mruby is vulnerable to Heap-based Buffer Overflow... Read more
Affected Products : mruby- EPSS Score: %0.34
- Published: Jan. 02, 2022
- Modified: May. 22, 2025
-
9.8
CRITICALCVE-2019-20330
FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.... Read more
Affected Products : debian_linux active_iq_unified_manager weblogic_server siebel_ui_framework snapcenter steelstore_cloud_integrated_storage communications_cloud_native_core_network_slice_selection_function primavera_unifier goldengate_application_adapters jd_edwards_enterpriseone_tools +20 more products- EPSS Score: %1.61
- Published: Jan. 03, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2014-10072
In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.... Read more
- EPSS Score: %0.26
- Published: Feb. 27, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-30678
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitra... Read more
- EPSS Score: %2.48
- Published: Sep. 08, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-24112
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port ... Read more
Affected Products : apisix- Actively Exploited
- EPSS Score: %94.34
- Published: Feb. 11, 2022
- Modified: Mar. 06, 2025
-
9.8
CRITICALCVE-2017-5225
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.... Read more
Affected Products : libtiff- EPSS Score: %0.98
- Published: Jan. 12, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2018-5187
Memory safety bugs present in Firefox 60 and Firefox ESR 60. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird... Read more
- EPSS Score: %3.69
- Published: Oct. 18, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-25235
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.... Read more
Affected Products : fedora zfs_storage_appliance_kit debian_linux http_server sinema_remote_connect_server libexpat- EPSS Score: %13.32
- Published: Feb. 16, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2014-1514
vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 does not validate the length of the destination array before a copy operation, which allows remote attackers to execute... Read more
Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus +7 more products- EPSS Score: %4.16
- Published: Mar. 19, 2014
- Modified: Apr. 12, 2025
-
9.8
CRITICALCVE-2021-39214
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.2 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a requ... Read more
Affected Products : mitmproxy- EPSS Score: %0.19
- Published: Sep. 16, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-26496
In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name.... Read more
- EPSS Score: %0.48
- Published: Mar. 06, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-34481
<p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker c... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 +9 more products- EPSS Score: %26.94
- Published: Jul. 16, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5459
A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.... Read more
- EPSS Score: %6.62
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5483
The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().... Read more
Affected Products : tcpdump- EPSS Score: %0.93
- Published: Jan. 28, 2017
- Modified: Apr. 20, 2025