Latest CVE Feed
-
9.8
CRITICAL CVE-2023-48691
Azure RTOS NetX Duo is a TCP/IP network stack designed specifically for deeply embedded real-time and IoT applications. An attacker can cause an out-of-bounds write in Azure RTOS NETX Duo, that could lead to remote code execution. The affected components ...
- Affected Products: azure_rtos_netx_duo
- Published: Dec. 05, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-48697
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. An attacker can cause remote code execution due to memory buffer and pointer vulnerabilities in Azure RTOS USBX. The affected comp...
- Affected Products: azure_rtos_usbx
- Published: Dec. 05, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-48689
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. ...
- Affected Products: railway_reservation_system
- Published: Dec. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-48657
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters....
- Affected Products: malware_information_sharing_platform
- Published: Nov. 17, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-48655
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters....
- Affected Products: malware_information_sharing_platform
- Published: Nov. 17, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-48648
Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Ex...
- Published: Nov. 17, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2021-1300
Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory....
- Published: Jan. 20, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-51906
An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component....
- Affected Products: yonbip
- Published: Jan. 20, 2024
- Modified: Jun. 17, 2025
-
9.8
CRITICAL CVE-2023-48656
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses....
- Affected Products: malware_information_sharing_platform
- Published: Nov. 17, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-48793
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature....
- Affected Products: manageengine_adaudit_plus
- Published: Feb. 02, 2024
- Modified: Jun. 11, 2025
-
9.8
CRITICAL CVE-2022-36566
Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function....
- Published: Aug. 31, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-6072
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that coul...
- Published: Mar. 24, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-48376
SmartStar Software CWS is a web-based integration platform. Its file uploading function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary ...
- Affected Products: cws_collaborative_development_platform
- Published: Dec. 15, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection....
- Published: Sep. 09, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-48263
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request....
- Affected Products: nexo-os nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\) nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\) nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\) nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\) nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\) nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\) nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\) nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\) nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\) +11 more products
- Published: Jan. 10, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-48250
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts....
- Affected Products: nexo-os nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\) nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\) nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\) nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\) nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\) nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\) nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\) nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\) nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\) +11 more products
- Published: Jan. 10, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-48230
Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant...
- Affected Products: capnproto
- Published: Nov. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-17090
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability...
- Affected Products: windows_10 windows_server_2016 windows_server_2019 windows_10_1809 windows_10_20h2 windows_10_1803 windows_10_1909 windows_server_20h2 windows_server_1903 windows_server_1909 +1 more products
- Published: Nov. 11, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2020-17040
Windows Hyper-V Security Feature Bypass Vulnerability...
- Affected Products: windows_10 windows_8.1 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_1507 windows_10_1803 windows_10_1909 +5 more products
- Published: Nov. 11, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2023-48194
Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained....
- Published: Jul. 09, 2024
- Modified: Nov. 21, 2024