Latest CVE Feed
-
9.8
CRITICALCVE-2023-51906
An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component.... Read more
Affected Products : yonbip- Published: Jan. 20, 2024
- Modified: Jun. 17, 2025
-
9.8
CRITICALCVE-2023-48656
An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.... Read more
Affected Products : malware_information_sharing_platform- Published: Nov. 17, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-48793
Zoho ManageEngine ADAudit Plus through 7250 allows SQL Injection in the aggregate report feature.... Read more
Affected Products : manageengine_adaudit_plus- Published: Feb. 02, 2024
- Modified: Jun. 11, 2025
-
9.8
CRITICALCVE-2022-36566
Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function.... Read more
- Published: Aug. 31, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-6072
An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that coul... Read more
- Published: Mar. 24, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-48376
SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files to perform arbitrary ... Read more
Affected Products : cws_collaborative_development_platform- Published: Dec. 15, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-24379
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.... Read more
- Published: Sep. 09, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-48263
The vulnerability allows an unauthenticated remote attacker to perform a Denial-of-Service (DoS) attack or, possibly, obtain Remote Code Execution (RCE) via a crafted network request.... Read more
Affected Products : nexo-os nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\) nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\) nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\) nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\) nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\) nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\) nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\) nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\) nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\) +11 more products- Published: Jan. 10, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-48250
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts.... Read more
Affected Products : nexo-os nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\) nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\) nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\) nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\) nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\) nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\) nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\) nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\) nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\) +11 more products- Published: Jan. 10, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-48230
Cap'n Proto is a data interchange format and capability-based RPC system. In versions 1.0 and 1.0.1, when using the KJ HTTP library with WebSocket compression enabled, a buffer underrun can be caused by a remote peer. The underrun always writes a constant... Read more
Affected Products : capnproto- Published: Nov. 21, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-17090
Microsoft Defender for Endpoint Security Feature Bypass Vulnerability... Read more
Affected Products : windows_10 windows_server_2016 windows_server_2019 windows_10_1809 windows_10_20h2 windows_10_1803 windows_10_1909 windows_server_20h2 windows_server_1903 windows_server_1909 +1 more products- Published: Nov. 11, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-17040
Windows Hyper-V Security Feature Bypass Vulnerability... Read more
Affected Products : windows_10 windows_8.1 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_1507 windows_10_1803 windows_10_1909 +5 more products- Published: Nov. 11, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-48194
Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \x0. After executing set_client_qos, control over the gp register can be obtained.... Read more
- Published: Jul. 09, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-48251
The vulnerability allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account.... Read more
Affected Products : nexo-os nexo_cordless_nutrunner_nxa011s-36v-b_\(0608842012\) nexo_cordless_nutrunner_nxa011s-36v_\(0608842011\) nexo_cordless_nutrunner_nxa015s-36v-b_\(0608842006\) nexo_cordless_nutrunner_nxa015s-36v_\(0608842001\) nexo_cordless_nutrunner_nxa030s-36v-b_\(0608842007\) nexo_cordless_nutrunner_nxa030s-36v_\(0608842002\) nexo_cordless_nutrunner_nxa050s-36v-b_\(0608842008\) nexo_cordless_nutrunner_nxa050s-36v_\(0608842003\) nexo_cordless_nutrunner_nxa065s-36v-b_\(0608842014\) +11 more products- Published: Jan. 10, 2024
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-48085
Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php.... Read more
Affected Products : nagios_xi- Published: Dec. 14, 2023
- Modified: May. 22, 2025
-
9.8
CRITICALCVE-2023-5222
A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of har... Read more
- Published: Sep. 27, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-48022
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a str... Read more
Affected Products : ray- Published: Nov. 28, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-48028
kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack.... Read more
Affected Products : kodbox- Published: Nov. 18, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-47990
SQL Injection vulnerability in components/table_manager/html/edit_admin_table.php in CuppaCMS V1.0 allows attackers to run arbitrary SQL commands via the table parameter.... Read more
Affected Products : cuppacms- Published: Dec. 20, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2019-6579
A vulnerability has been identified in Spectrum Power 4 (with Web Office Portal). An attacker with network access to the web server on port 80/TCP or 443/TCP could execute system commands with administrative privileges. The security vulnerability could be... Read more
Affected Products : spectrum_power_4- Published: Apr. 17, 2019
- Modified: Nov. 21, 2024