Latest CVE Feed
-
9.8
CRITICAL CVE-2018-7053
An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order....
- EPSS Score: %0.82
- Published: Feb. 15, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-43927
Improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecifi...
- EPSS Score: %0.42
- Published: Feb. 07, 2022
- Modified: Jan. 14, 2025
-
9.8
CRITICAL CVE-2024-38077
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability...
- Published: Jul. 09, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-7263
The mad_decoder_run() function in decoder.c in Underbit libmad through 0.15.1b allows remote attackers to cause a denial of service (SIGABRT because of double free or corruption) or possibly have unspecified other impact via a crafted file. NOTE: this may...
- Affected Products: libmad
- EPSS Score: %0.91
- Published: Feb. 20, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-36911
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability...
- Affected Products: windows_10 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products
- EPSS Score: %3.46
- Published: Aug. 08, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-27647
Out-of-bounds Read vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web requests....
- EPSS Score: %1.67
- Published: Mar. 12, 2021
- Modified: Jan. 14, 2025
-
9.8
CRITICAL CVE-2023-43373
Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php....
- Affected Products: hoteldruid
- EPSS Score: %21.71
- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-31207
The Omron SYSMAC Cx product family PLCs (CS series, CJ series, and CP series) through 2022-05-18 lack cryptographic authentication. They utilize the Omron FINS (9600/TCP) protocol for engineering purposes, including downloading projects and control logic ...
- Affected Products: cp1w-cif41_firmware sysmac_cs1_firmware sysmac_cj2m_firmware sysmac_cj2h_firmware sysmac_cp1e_firmware sysmac_cp1h_firmware sysmac_cp1l_firmware sysmac_cs1 sysmac_cj2m sysmac_cj2h +4 more products
- EPSS Score: %0.08
- Published: Jul. 26, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2015-1276
Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by l...
- EPSS Score: %2.78
- Published: Jul. 23, 2015
- Modified: Apr. 12, 2025
-
9.8
CRITICAL CVE-2018-7809
An Unverified Password Change vulnerability exists in the embedded web servers in all Modicon M340, Premium, Quantum PLCs and BMXNOR0200 which could allow an unauthenticated remote user to access the password delete function of the web server....
- EPSS Score: %1.98
- Published: Nov. 30, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2018-7842
A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon M580, Modicon M340, Modicon Quantum, and Modicon Premium which could cause an elevation of privilege by conducting a brute force attack on Modbus parameters s...
- EPSS Score: %6.47
- Published: May. 22, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-2120
OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution....
- Affected Products: dcmtk
- EPSS Score: %2.94
- Published: Jun. 24, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2022-29155
In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is pr...
- Affected Products: debian_linux h410c_firmware h300s_firmware h500s_firmware h700s_firmware h410s_firmware openldap h300s h410s h500s +4 more products
- EPSS Score: %20.93
- Published: May. 04, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2019-8009
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have an out-of-bounds write vulnerability. Success...
- EPSS Score: %4.06
- Published: Aug. 20, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-49287
TinyDir is a lightweight C directory and file reader. Buffer overflows in the `tinydir_file_open()` function. This vulnerability has been patched in version 1.2.6....
- Affected Products: tinydir
- EPSS Score: %1.64
- Published: Dec. 04, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2019-15606
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons...
- EPSS Score: %3.46
- Published: Feb. 07, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-12396
Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This ...
- Affected Products: firefox
- EPSS Score: %0.58
- Published: May. 26, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2016-9535
tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka "Predicto...
- Affected Products: libtiff
- EPSS Score: %0.78
- Published: Nov. 22, 2016
- Modified: Apr. 12, 2025
-
9.8
CRITICAL CVE-2022-36361
A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions), LOGO! 24CE...
- EPSS Score: %0.47
- Published: Oct. 11, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2010-0840
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE:...
- Actively Exploited
- EPSS Score: %92.55
- Published: Apr. 01, 2010
- Modified: Apr. 11, 2025