Latest CVE Feed
-
9.8
CRITICALCVE-2023-35817
DevExpress before 23.1.3 allows AsyncDownloader SSRF.... Read more
Affected Products : devexpress- Published: Apr. 28, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Server-Side Request Forgery
-
9.8
CRITICALCVE-2020-3909
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Multiple issues... Read more
- Published: Apr. 01, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-20159
Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with root privileges on an affe... Read more
Affected Products : sf300-08_firmware sf302-08_firmware sf302-08pp_firmware sf302-08mpp_firmware sf300-24_firmware sf300-24p_firmware sf300-24pp_firmware sf300-24mp_firmware sf300-48_firmware sf300-48p_firmware +452 more products- Published: May. 18, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2025-56266
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.... Read more
Affected Products : access_control_manager- Published: Sep. 08, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-56267
A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file.... Read more
Affected Products : access_control_manager- Published: Sep. 08, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-9424
A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. The a... Read more
- Published: Aug. 25, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2023-20073
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insu... Read more
- Published: Apr. 05, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-20025
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an affected device. This vulnerability is due to improper ... Read more
- Published: Jan. 20, 2023
- Modified: Apr. 07, 2025
-
9.8
CRITICALCVE-2020-3807
Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to ar... Read more
- Published: Mar. 25, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-3799
Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation coul... Read more
- Published: Mar. 25, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-3788
Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more
- Published: Mar. 25, 2020
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-1133
Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could a... Read more
Affected Products : infrasuite_device_master- Published: Mar. 27, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-0582
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ForgeRock Access Management allows Authorization Bypass. This issue affects access management: before 7.3.0, before 7.2.1, before 7.1.4, through 7.0.2.... Read more
Affected Products : access_management- Published: Mar. 27, 2024
- Modified: Apr. 14, 2025
-
9.8
CRITICALCVE-2018-3601
A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations.... Read more
Affected Products : control_manager- Published: Feb. 09, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2020-36400
ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235.... Read more
Affected Products : libzmq- Published: Jul. 01, 2021
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-35385
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +6 more products- Published: Aug. 08, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2024-53496
Incorrect access control in the doFilter function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.... Read more
Affected Products : my-site- Published: Aug. 22, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Authentication
-
9.8
CRITICALCVE-2023-35366
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +6 more products- Published: Jul. 11, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-35349
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability... Read more
Affected Products : windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_server_2022 windows_11_21h2 +6 more products- Published: Oct. 10, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2025-25291
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differ... Read more
- Published: Mar. 12, 2025
- Modified: Sep. 12, 2025
- Vuln Type: Authentication