Latest CVE Feed
-
9.6
CRITICALCVE-2021-21146
Use after free in Navigation in Google Chrome prior to 88.0.4324.146 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more
- EPSS Score: %0.64
- Published: Feb. 09, 2021
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2018-5704
Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted ... Read more
- EPSS Score: %1.89
- Published: Jan. 16, 2018
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2021-21223
Integer overflow in Mojo in Google Chrome prior to 90.0.4430.85 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more
- EPSS Score: %1.63
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2022-3075
Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more
- Actively Exploited
- EPSS Score: %1.33
- Published: Sep. 26, 2022
- Modified: Jul. 30, 2025
-
9.6
CRITICALCVE-2024-4671
Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)... Read more
- Actively Exploited
- Published: May. 14, 2024
- Modified: Nov. 27, 2024
-
9.6
CRITICALCVE-2024-23469
SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges. ... Read more
Affected Products : access_rights_manager- Published: Jul. 17, 2024
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2023-27898
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting ... Read more
Affected Products : jenkins- EPSS Score: %0.91
- Published: Mar. 10, 2023
- Modified: Feb. 28, 2025
-
9.6
CRITICALCVE-2022-0977
Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.... Read more
- EPSS Score: %0.51
- Published: Jul. 21, 2022
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2022-0790
Use after free in Cast UI in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially perform a sandbox escape via a crafted HTML page.... Read more
- EPSS Score: %0.89
- Published: Apr. 05, 2022
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2022-0452
Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more
- EPSS Score: %0.32
- Published: Apr. 05, 2022
- Modified: Nov. 21, 2024
-
9.6
CRITICAL- EPSS Score: %0.77
- Published: Dec. 15, 2021
- Modified: Jun. 11, 2025
-
9.6
CRITICALCVE-2021-23037
On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the cont... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products- EPSS Score: %1.18
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2021-21201
Use after free in permissions in Google Chrome prior to 90.0.4430.72 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more
- EPSS Score: %1.06
- Published: Apr. 26, 2021
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2020-16024
Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more
- EPSS Score: %0.88
- Published: Jan. 08, 2021
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2019-5870
Use after free in media in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more
Affected Products : chrome- EPSS Score: %0.36
- Published: Nov. 25, 2019
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2017-12368
A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a use... Read more
- EPSS Score: %2.15
- Published: Nov. 30, 2017
- Modified: Apr. 20, 2025
-
9.6
CRITICALCVE-2017-10111
Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with ... Read more
- EPSS Score: %1.26
- Published: Aug. 08, 2017
- Modified: Apr. 20, 2025
-
9.6
CRITICALCVE-2016-4734
WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4611, CVE-2016-4730, CVE... Read more
- EPSS Score: %8.40
- Published: Sep. 25, 2016
- Modified: Apr. 12, 2025
-
9.6
CRITICALCVE-2016-3598
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.... Read more
- EPSS Score: %10.14
- Published: Jul. 21, 2016
- Modified: Apr. 12, 2025
-
9.6
CRITICALCVE-2024-4947
Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)... Read more
- Actively Exploited
- Published: May. 15, 2024
- Modified: Nov. 27, 2024