Latest CVE Feed
-
9.8 CRITICAL
CVE-2025-27154
Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to...
- Affected Products: spotipy
- Published: Feb. 27, 2025
- Modified: Apr. 07, 2025
- Vuln Type: Misconfiguration
-
9.8 CRITICAL
CVE-2024-41827
In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration...
- Affected Products: teamcity
- Published: Jul. 22, 2024
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2014-8322
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value.
- Affected Products: aircrack-ng
- EPSS Score: 32.21%
- Published: Jan. 31, 2020
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2019-8661
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Mojave 10.14.6. A remote attacker may be able to cause arbitrary code execution.
- EPSS Score: 8.05%
- Published: Dec. 18, 2019
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2023-38646
Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4...
- Affected Products: metabase
- EPSS Score: 94.26%
- Published: Jul. 21, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2025-49709
Certain canvas operations could have led to memory corruption. This vulnerability affects Firefox < 139.0.4.
- Affected Products: firefox
- Published: Jun. 11, 2025
- Modified: Jun. 16, 2025
- Vuln Type: Memory Corruption
-
9.8 CRITICAL
CVE-2018-0308
A vulnerability in the Cisco Fabric Services component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerability exists because...
- EPSS Score: 1.56%
- Published: Jun. 20, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2018-0314
A vulnerability in the Cisco Fabric Services (CFS) component of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability exists because the affected sof...
- EPSS Score: 5.55%
- Published: Jun. 20, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2018-0398
Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to conduct a server-side request forgery (SSRF) attack. Cisco Bug IDs: CSCvg71018.
- Affected Products: finesse
- EPSS Score: 0.96%
- Published: Jul. 18, 2018
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2024-10918
Stack-based Buffer Overflow vulnerability in libmodbus v3.1.10 allows to overflow the buffer allocated for the Modbus response if the function tries to reply to a Modbus request with an unexpected length.
- Affected Products: libmodbus
- Published: Feb. 27, 2025
- Modified: Apr. 29, 2025
- Vuln Type: Memory Corruption
-
9.8 CRITICAL
CVE-2022-45395
Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.
- Affected Products: cccc
- EPSS Score: 0.30%
- Published: Nov. 15, 2022
- Modified: Apr. 30, 2025
-
9.8 CRITICAL
CVE-2022-26776
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution.
- Affected Products: macos
- EPSS Score: 1.64%
- Published: May. 26, 2022
- Modified: May. 30, 2025
-
9.8 CRITICAL
CVE-2022-45789
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause execution of unauthorized Modbus functions on the controller when hijacking an authenticated Modbus session. Affected Products: EcoStruxure Control Expert (All Versio...
- Affected Products: modicon_m580_bmep584040_firmware modicon_m580_bmep582040_firmware modicon_m580_bmep586040_firmware modicon_m580_bmep585040_firmware modicon_m580_bmep582020_firmware modicon_m580_bmep581020_firmware modicon_m580_bmep584020_firmware modicon_m580_bmep583040_firmware modicon_m580_bmep583020_firmware ecostruxure_control_expert +62 more products
- EPSS Score: 0.06%
- Published: Jan. 31, 2023
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2024-32615
HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5Z__nbit_decompress_one_byte in H5Znbit.c, caused by the earlier use of an initialized pointer.
- Affected Products: hdf5
- Published: May. 14, 2024
- Modified: Apr. 18, 2025
-
9.8 CRITICAL
CVE-2019-9201
Multiple Phoenix Contact devices allow remote attackers to establish TCP sessions to port 1962 and obtain sensitive information or make changes, as demonstrated by using the Create Backup feature to traverse all directories.
- EPSS Score: 2.01%
- Published: Feb. 26, 2019
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2022-37891
Unauthenticated buffer overflow vulnerabilities exist within the Aruba InstantOS and ArubaOS 10 web management interface. Successful exploitation results in the execution of arbitrary commands on the underlying operating system of Aruba InstantOS 6.4.x: 6...
- EPSS Score: 0.82%
- Published: Oct. 07, 2022
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2018-0651
Buffer overflow in the license management function of YOKOGAWA products (iDefine for ProSafe-RS R1.16.3 and earlier, STARDOM VDS R7.50 and earlier, STARDOM FCN/FCJ Simulator R4.20 and earlier, ASTPLANNER R15.01 and earlier, TriFellows V5.04 and earlier) a...
- EPSS Score: 6.04%
- Published: Jan. 09, 2019
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2024-45195
Direct Request ('Forced Browsing') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.16. Users are recommended to upgrade to version 18.12.16, which fixes the issue.
- Affected Products: ofbiz
- Actively Exploited
- Published: Sep. 04, 2024
- Modified: Feb. 05, 2025
-
9.8 CRITICAL
CVE-2019-8236
Creative Cloud Desktop Application version 4.6.1 and earlier versions have Security Bypass vulnerability. Successful exploitation could lead to Privilege Escalation in the context of the current user.
- EPSS Score: 0.80%
- Published: Oct. 23, 2019
- Modified: Nov. 21, 2024
-
9.8 CRITICAL
CVE-2019-10952
An attacker could send a crafted HTTP/HTTPS request to render the web server unavailable and/or lead to remote code execution caused by a stack-based buffer overflow vulnerability. A cold restart is required for recovering CompactLogix 5370 L1, L2, a...
- EPSS Score: 0.51%
- Published: May. 01, 2019
- Modified: Nov. 21, 2024