Latest CVE Feed
-
9.6
CRITICALCVE-2022-26384
If an attacker could control the contents of an iframe sandboxed with <code>allow-popups</code> but not <code>allow-scripts</code>, they were able to craft a link that, when clicked, would lead to JavaScript execution in violation of the sandbox. This vul... Read more
- EPSS Score: %0.10
- Published: Dec. 22, 2022
- Modified: Apr. 16, 2025
-
9.6
CRITICALCVE-2020-13292
In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow.... Read more
Affected Products : gitlab- EPSS Score: %0.09
- Published: Aug. 10, 2020
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2021-43523
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or i... Read more
- EPSS Score: %2.39
- Published: Nov. 10, 2021
- Modified: May. 05, 2025
-
9.6
CRITICALCVE-2023-47797
Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title` parameter.... Read more
Affected Products : liferay_portal- EPSS Score: %0.15
- Published: Nov. 17, 2023
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2022-36180
Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.... Read more
Affected Products : fusiondirectory- EPSS Score: %0.18
- Published: Nov. 22, 2022
- Modified: Apr. 29, 2025
-
9.6
CRITICALCVE-2023-52138
Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Ar... Read more
Affected Products : engrampa- EPSS Score: %1.88
- Published: Feb. 05, 2024
- Modified: Feb. 13, 2025
-
9.6
CRITICALCVE-2024-33006
An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow an attacker to completely compromise system. ... Read more
Affected Products : netweaver_application_server_abap- Published: May. 14, 2024
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2024-28231
eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS pr... Read more
Affected Products : fast_dds- Published: Mar. 20, 2024
- Modified: Jun. 30, 2025
-
9.6
CRITICALCVE-2024-7024
Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low)... Read more
Affected Products : chrome- Published: Sep. 23, 2024
- Modified: Jan. 02, 2025
-
9.6
CRITICALCVE-2021-28550
Acrobat Reader DC versions versions 2021.001.20150 (and earlier), 2020.001.30020 (and earlier) and 2017.011.30194 (and earlier) are affected by a Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitr... Read more
- Actively Exploited
- EPSS Score: %22.40
- Published: Sep. 02, 2021
- Modified: Feb. 13, 2025
-
9.6
CRITICALCVE-2024-23477
The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution. ... Read more
Affected Products : access_rights_manager- EPSS Score: %1.41
- Published: Feb. 15, 2024
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2022-1309
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more
- EPSS Score: %0.78
- Published: Jul. 25, 2022
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2016-0003
Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."... Read more
Affected Products : edge- EPSS Score: %8.22
- Published: Jan. 13, 2016
- Modified: Apr. 12, 2025
-
9.6
CRITICALCVE-2024-22093
When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software vers... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +2 more products- EPSS Score: %0.38
- Published: Feb. 14, 2024
- Modified: Jan. 23, 2025
-
9.6
CRITICALCVE-2017-1002101
In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside o... Read more
Affected Products : kubernetes- EPSS Score: %33.57
- Published: Mar. 13, 2018
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2017-14589
It was possible for double OGNL evaluation in FreeMarker templates through Struts FreeMarker tags to occur. An attacker who has restricted administration rights to Bamboo or who hosts a website that a Bamboo administrator visits, is able to exploit this v... Read more
Affected Products : bamboo- EPSS Score: %0.44
- Published: Dec. 13, 2017
- Modified: Apr. 20, 2025
-
9.6
CRITICALCVE-2018-0057
On MX Series and M120/M320 platforms configured in a Broadband Edge (BBE) environment, subscribers logging in with DHCP Option 50 to request a specific IP address will be assigned the requested IP address, even if there is a static MAC to IP address bindi... Read more
Affected Products : junos- EPSS Score: %0.34
- Published: Oct. 10, 2018
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2020-5948
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP s... Read more
Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_fraud_protection_service big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager +1 more products- EPSS Score: %0.82
- Published: Dec. 11, 2020
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2020-6465
Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.... Read more
- EPSS Score: %1.48
- Published: May. 21, 2020
- Modified: Nov. 21, 2024
-
9.6
CRITICALCVE-2021-21151
Use after free in Payments in Google Chrome prior to 88.0.4324.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.... Read more
- EPSS Score: %0.73
- Published: Feb. 22, 2021
- Modified: Nov. 21, 2024