Latest CVE Feed
-
9.8
CRITICALCVE-2023-51277
nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds.... Read more
Affected Products : jupyter_notebook_viewer- Published: Jan. 05, 2024
- Modified: Jun. 03, 2025
-
9.8
CRITICALCVE-2017-5953
vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.... Read more
Affected Products : vim- Published: Feb. 10, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2023-51412
Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.This issue affects Piotnet Forms: from n/a through 1.0.25. ... Read more
Affected Products : piotnet_forms- Published: Dec. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5464
During DOM manipulations of the accessibility tree through script, the DOM tree can become out of sync with the accessibility tree, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ES... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5443
An out-of-bounds write vulnerability while decoding improperly formed BinHex format archives. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5439
A use-after-free vulnerability during XSLT processing due to poor handling of template parameters. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.1, Firefox ESR < 45.9, Firefox ESR < 52.1, and Firefox < 53.... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5433
A use-after-free vulnerability in SMIL animation functions occurs when pointers to animation elements in an array are dropped from the animation controller while still in use. This results in a potentially exploitable crash. This vulnerability affects Thu... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5429
Memory safety bugs were reported in Firefox 52, Firefox ESR 45.8, Firefox ESR 52, and Thunderbird 52. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary cod... Read more
- Published: Jun. 11, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2017-5341
The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().... Read more
Affected Products : tcpdump- Published: Jan. 28, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-5340
Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles certain cases that require large array allocations, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow, uninitialized memory access... Read more
- Published: Jan. 11, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2017-5337
Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.... Read more
- Published: Mar. 24, 2017
- Modified: Apr. 20, 2025
-
9.8
CRITICALCVE-2023-51123
An issue discovered in D-Link dir815 v.1.01SSb08.bin allows a remote attacker to execute arbitrary code via a crafted POST request to the service parameter in the soapcgi_main function of the cgibin binary component.... Read more
- Published: Jan. 10, 2024
- Modified: Jun. 20, 2025
-
9.8
CRITICALCVE-2023-51022
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘langFlag’ parameter of the setLanguageCfg interface of the cstecgi .cgi.... Read more
- Published: Dec. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-51126
Command injection vulnerability in /usr/www/res.php in FLIR AX8 up to 1.46.16 allows attackers to run arbitrary commands via the value parameter.... Read more
- Published: Jan. 10, 2024
- Modified: Jun. 20, 2025
-
9.8
CRITICALCVE-2023-51097
Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing.... Read more
- Published: Dec. 26, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-51023
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to arbitrary command execution in the ‘host_time’ parameter of the NTPSyncWithHost interface of the cstecgi .cgi.... Read more
- Published: Dec. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-51035
TOTOLINK EX1200L V9.3.5u.6146_B20201023 is vulnerable to arbitrary command execution on the cstecgi.cgi NTPSyncWithHost interface.... Read more
- Published: Dec. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-51017
TOTOlink EX1800T v9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the lanIp parameter’ of the setLanConfig interface of the cstecgi .cgi.... Read more
- Published: Dec. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-51136
TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule.... Read more
- Published: Dec. 30, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-51026
TOTOlink EX1800T V9.1.0cu.2112_B20220316 is vulnerable to unauthorized arbitrary command execution in the ‘hour’ parameter of the setRebootScheCfg interface of the cstecgi .cgi.... Read more
- Published: Dec. 22, 2023
- Modified: Nov. 21, 2024