Latest CVE Feed
-
9.8
CRITICALCVE-2024-38240
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability... Read more
Affected Products : windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 windows_11_22h2 +7 more products- Published: Sep. 10, 2024
- Modified: Sep. 17, 2024
-
9.8
CRITICALCVE-2024-31581
FFmpeg version n6.1 was discovered to contain an improper validation of array index vulnerability in libavcodec/cbs_h266_syntax_template.c. This vulnerability allows attackers to cause undefined behavior within the application.... Read more
- Published: Apr. 17, 2024
- Modified: Jun. 03, 2025
-
9.8
CRITICALCVE-2024-30080
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +10 more products- Published: Jun. 11, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-25153
A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to ... Read more
- Published: Mar. 13, 2024
- Modified: Jan. 21, 2025
-
9.8
CRITICALCVE-2024-21416
Windows TCP/IP Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2019 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 windows_11_22h2 windows windows_11_23h2 windows_server_2022_23h2 +2 more products- Published: Sep. 10, 2024
- Modified: Sep. 20, 2024
-
9.8
CRITICALCVE-2024-21082
Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via H... Read more
Affected Products : bi_publisher- Published: Apr. 16, 2024
- Modified: Mar. 26, 2025
-
9.8
CRITICALCVE-2024-12356
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.... Read more
- Actively Exploited
- Published: Dec. 17, 2024
- Modified: Feb. 17, 2025
-
9.8
CRITICALCVE-2024-10924
The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_logi... Read more
Affected Products : really_simple_security- Published: Nov. 15, 2024
- Modified: Nov. 20, 2024
-
9.8
CRITICALCVE-2019-15977
Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected devi... Read more
- Published: Jan. 06, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-5281
A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file remove_inbox_message.php. The manipulation of the argument id leads to sql injection. It is possible to i... Read more
Affected Products : engineers_online_portal- Published: Sep. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-42117
Exim Improper Neutralization of Special Elements Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exim. Authentication is not required to exploit this vulnerability. Th... Read more
Affected Products : exim- Published: May. 03, 2024
- Modified: Aug. 07, 2025
-
9.8
CRITICALCVE-2023-3961
A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like ... Read more
- Published: Nov. 03, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-39213
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.... Read more
- Published: Aug. 08, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-38604
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may b... Read more
- Published: Jul. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-38186
Windows Mobile Device Management Elevation of Privilege Vulnerability... Read more
Affected Products : windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 windows_11_22h2- Published: Aug. 08, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-36910
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +7 more products- Published: Aug. 08, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-36903
Windows System Assessment Tool Elevation of Privilege Vulnerability... Read more
Affected Products : windows_10 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 +6 more products- Published: Aug. 08, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-34060
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware Cloud Director Appliance was upgraded to 10.5 from an older version. On an upgraded version of VMware Cloud Director Appliance 10.5, a malicious actor with netw... Read more
- Published: Nov. 14, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-33476
ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. The vulnerability is caused by incorrect validation logic when handling HTTP requests using chunked transport encoding. This results in other code later using attacke... Read more
Affected Products : readymedia- Published: Jun. 02, 2023
- Modified: Jan. 08, 2025
-
9.8
CRITICALCVE-2019-15318
The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.... Read more
Affected Products : easy_forms_for_mailchimp- Published: Aug. 22, 2019
- Modified: Nov. 21, 2024