Latest CVE Feed
-
9.8
CRITICALCVE-2022-37889
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successfu... Read more
- EPSS Score: %1.30
- Published: Oct. 07, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-5653
Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of se... Read more
- EPSS Score: %0.86
- Published: Nov. 02, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-41730
In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on ... Read more
- Published: Aug. 13, 2024
- Modified: Sep. 12, 2024
-
9.8
CRITICALCVE-2022-38143
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provid... Read more
Affected Products : openimageio- EPSS Score: %0.30
- Published: Dec. 22, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-52389
UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of... Read more
- EPSS Score: %0.14
- Published: Jan. 27, 2024
- Modified: May. 29, 2025
-
9.8
CRITICALCVE-2024-23113
A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 th... Read more
- Actively Exploited
- EPSS Score: %45.02
- Published: Feb. 15, 2024
- Modified: Nov. 29, 2024
-
9.8
CRITICALCVE-2024-21899
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability... Read more
- Published: Mar. 08, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-33635
When malicious images are pulled by isula pull, attackers can execute arbitrary code.... Read more
Affected Products : isula- EPSS Score: %0.15
- Published: Oct. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-24691
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.... Read more
- EPSS Score: %0.47
- Published: Feb. 14, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-7612
A sensitive data disclosure flaw was found in the way Logstash versions before 5.6.15 and 6.6.1 logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part o... Read more
- EPSS Score: %0.48
- Published: Mar. 25, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-32216
Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Some of these bugs showed evidence of memory corruption and we presume that with enough... Read more
Affected Products : firefox- EPSS Score: %0.28
- Published: Jun. 19, 2023
- Modified: May. 27, 2025
-
9.8
CRITICALCVE-2017-9214
In Open vSwitch (OvS) 2.7.0, while parsing an OFPT_QUEUE_GET_CONFIG_REPLY type OFP 1.0 message, there is a buffer over-read that is caused by an unsigned integer underflow in the function `ofputil_pull_queue_get_config_reply10` in `lib/ofp-util.c`.... Read more
Affected Products : enterprise_linux debian_linux openstack virtualization virtualization_manager openvswitch- EPSS Score: %7.31
- Published: May. 23, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9224
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validatio... Read more
- EPSS Score: %0.40
- Published: May. 24, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-9227
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_... Read more
- EPSS Score: %0.38
- Published: May. 24, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2024-5910
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and en... Read more
- Actively Exploited
- Published: Jul. 10, 2024
- Modified: Nov. 27, 2024
-
9.8
CRITICALCVE-2022-23219
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a... Read more
Affected Products : debian_linux communications_cloud_native_core_network_repository_function communications_cloud_native_core_unified_data_repository glibc communications_cloud_native_core_network_function_cloud_native_environment communications_cloud_native_core_binding_support_function communications_cloud_native_core_security_edge_protection_proxy enterprise_operations_monitor- EPSS Score: %0.40
- Published: Jan. 14, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2024-6376
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version 1.42.2... Read more
Affected Products : compass- Published: Jul. 01, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2018-9838
The caml_ba_deserialize function in byterun/bigarray.c in the standard library in OCaml 4.06.0 has an integer overflow which, in situations where marshalled data is accepted from an untrusted source, allows remote attackers to cause a denial of service (m... Read more
- EPSS Score: %1.12
- Published: Apr. 06, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-9417
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.... Read more
- EPSS Score: %42.67
- Published: Jun. 04, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2019-8024
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an use after free vulnerability. Successful e... Read more
- EPSS Score: %35.34
- Published: Aug. 20, 2019
- Modified: Nov. 21, 2024