Latest CVE Feed
- 9.4 CRITICAL CVE-2023-44373
  A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.0), SCALANCE M8...
  - EPSS Score: 0.62%
  - Published: Nov. 14, 2023
  - Modified: Nov. 21, 2024
- 9.4 HIGH CVE-2016-3543
  Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks....
  - EPSS Score: 1.22%
  - Published: Jul. 21, 2016
  - Modified: Apr. 12, 2025
- 9.4 HIGH CVE-2006-6535
  The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable....
  - Affected Products: linux_kernel
  - EPSS Score: 1.10%
  - Published: Jan. 30, 2007
  - Modified: Apr. 09, 2025
- 9.4 CRITICAL CVE-2025-52939
  Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects NotepadNext: through v0.11....
  - Published: Jun. 23, 2025
  - Modified: Jun. 23, 2025
  - Vuln Type: Memory Corruption
- 9.4 CRITICAL CVE-2020-8768
  An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L before 1.2.3 devices. There is an insecure mechanism for read and write access to the configuration of the device. The mechanism can be discovered by examini...
  - EPSS Score: 0.36%
  - Published: Feb. 17, 2020
  - Modified: Nov. 21, 2024
- 9.4 CRITICAL CVE-2019-6665
  On BIG-IP ASM 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, BIG-IQ 6.0.0 and 5.2.0-5.4.0, iWorkflow 2.3.0, and Enterprise Manager 3.1.1, an attacker with access to the device communication between the BIG-IP ASM Central Policy Builder ...
  - Affected Products: big-ip_application_security_manager, enterprise_manager, big-iq_centralized_management, iworkflow
  - EPSS Score: 0.84%
  - Published: Nov. 27, 2019
  - Modified: Nov. 21, 2024
- 9.4 CRITICAL CVE-2019-19108
  An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP....
  - EPSS Score: 0.57%
  - Published: Apr. 20, 2020
  - Modified: Nov. 21, 2024
- 9.4 HIGH CVE-2014-5414
  Beckhoff Embedded PC images before 2014-10-22 and Automation Device Specification (ADS) TwinCAT components do not restrict the number of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack....
  - EPSS Score: 0.88%
  - Published: Oct. 05, 2016
  - Modified: Apr. 12, 2025
- 9.4 HIGH CVE-2013-3658
  Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, allows remote attackers to delete arbitrary host OS files via unspecified vectors....
  - EPSS Score: 0.58%
  - Published: Sep. 10, 2013
  - Modified: Apr. 11, 2025
- 9.4 HIGH CVE-2020-8470
  Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server contains a vulnerable service DLL file that could allow an attacker to delete any file on the server with SYSTEM level privileges. Authentication is not re...
  - EPSS Score: 1.12%
  - Published: Mar. 18, 2020
  - Modified: Nov. 21, 2024
- 9.4 CRITICAL CVE-2019-6644
  Similar to the issue identified in CVE-2018-12120, on versions 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.2, and 12.1.0-12.1.4 BIG-IP will bind a debug nodejs process to all interfaces when invoked. This may expose the process to unauthorized users if ...
  - Affected Products: big-ip_access_policy_manager, big-ip_advanced_firewall_manager, big-ip_analytics, big-ip_application_acceleration_manager, big-ip_application_security_manager, big-ip_domain_name_system, big-ip_fraud_protection_service, big-ip_global_traffic_manager, big-ip_link_controller, big-ip_local_traffic_manager, +3 more products
  - EPSS Score: 0.79%
  - Published: Sep. 04, 2019
  - Modified: Nov. 21, 2024
- 9.4 CRITICAL CVE-2019-17638
  In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in case of too large response headers, Jetty throws an exception to produce an HTTP 431 error. When this happens, the ByteBuffer containing the HTTP response headers is released back to the ...
  - Affected Products: jetty
  - EPSS Score: 27.65%
  - Published: Jul. 09, 2020
  - Modified: Nov. 21, 2024
- 9.4 HIGH CVE-2017-10917
  Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221....
  - Affected Products: xen
  - EPSS Score: 0.84%
  - Published: Jul. 05, 2017
  - Modified: Apr. 20, 2025
- 9.4 HIGH CVE-2016-2208
  The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file....
  - Affected Products: anti-virus_engine
  - EPSS Score: 52.67%
  - Published: May. 19, 2016
  - Modified: Apr. 12, 2025
- 9.4 HIGH CVE-2016-3541
  Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Notes....
  - EPSS Score: 1.36%
  - Published: Jul. 21, 2016
  - Modified: Apr. 12, 2025
- 9.4 CRITICAL CVE-2024-12106
  In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings....
  - Affected Products: whatsup_gold
  - Published: Dec. 31, 2024
  - Modified: Jan. 06, 2025
- 9.4 CRITICAL CVE-2021-31597
  The xmlhttprequest-ssl package before 1.6.1 for Node.js disables SSL certificate validation by default, because rejectUnauthorized (when the property exists but is undefined) is considered to be false within the https.request function of Node.js. In other...
  - EPSS Score: 0.37%
  - Published: Apr. 23, 2021
  - Modified: Nov. 21, 2024
- 9.4 HIGH CVE-2008-5407
  Multiple unspecified vulnerabilities in the Backup Exec remote-agent logon process in Symantec Backup Exec for Windows Servers 11.0 (aka 11d) builds 6235 and 7170, 12.0 build 1364, and 12.5 build 2213 allow remote attackers to bypass authentication, and r...
  - Affected Products: backup_exec_for_windows_server
  - EPSS Score: 1.39%
  - Published: Dec. 10, 2008
  - Modified: Apr. 09, 2025
- 9.4 HIGH CVE-2016-1034
  The Sync Process in the JavaScript API for Creative Cloud Libraries in Adobe Creative Cloud Desktop Application before 3.6.0.244 allows remote attackers to read or write to arbitrary files via unspecified vectors....
  - Affected Products: creative_cloud
  - EPSS Score: 1.44%
  - Published: Apr. 12, 2016
  - Modified: Apr. 12, 2025
- 9.4 CRITICAL CVE-2023-49581
  SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. B...
  - Affected Products: netweaver_application_server_abap
  - EPSS Score: 0.07%
  - Published: Dec. 12, 2023
  - Modified: Nov. 21, 2024