Latest CVE Feed
-
9.3
HIGHCVE-2012-4614
The default configuration of EMC Smarts Network Configuration Manager (NCM) before 9.1 does not require authentication for database access, which allows remote attackers to have an unspecified impact via a network session.... Read more
- EPSS Score: %0.58
- Published: Nov. 27, 2012
- Modified: Apr. 11, 2025
-
9.3
HIGHCVE-2009-1646
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file.... Read more
Affected Products : mini-stream_rm_downloader- EPSS Score: %7.19
- Published: May. 15, 2009
- Modified: Apr. 09, 2025
-
9.3
CRITICALCVE-2024-40505
Directory Traversal vulnerability in D-Link DAP-1650 Firmware v.1.03 allows a local attacker to escalate privileges via the hedwig.cgi component.... Read more
- Published: Jul. 16, 2024
- Modified: May. 29, 2025
-
9.3
CRITICALCVE-2025-24664
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology LTL Freight Quotes – Worldwide Express Edition allows SQL Injection. This issue affects LTL Freight Quotes – Worldwide Express Edition... Read more
Affected Products : ltl_freight_quotes- Published: Jan. 27, 2025
- Modified: Jan. 27, 2025
-
9.3
HIGHCVE-2009-2403
Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a .m3u playlist file.... Read more
Affected Products : scmpx- EPSS Score: %9.30
- Published: Jul. 09, 2009
- Modified: Apr. 09, 2025
-
9.3
HIGHCVE-2012-4875
Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the develo... Read more
Affected Products : gpl_ghostscript- EPSS Score: %8.93
- Published: Sep. 06, 2012
- Modified: Apr. 11, 2025
-
9.3
HIGHCVE-2017-10831
Untrusted search path vulnerability in The electronic authentication system based on the commercial registration system "The CRCA user's Software" Ver1.8 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more
Affected Products : commercial_registration_electronic_authentication_software- EPSS Score: %0.18
- Published: Aug. 29, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGHCVE-2012-4907
Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.... Read more
- EPSS Score: %0.44
- Published: Sep. 13, 2012
- Modified: Apr. 11, 2025
-
9.3
HIGHCVE-2018-0544
Untrusted search path vulnerability in WinShot 1.53a and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more
Affected Products : winshot- EPSS Score: %0.17
- Published: Mar. 09, 2018
- Modified: Nov. 21, 2024
-
9.3
HIGHCVE-2018-0562
Untrusted search path vulnerability in Installer of SoundEngine Free ver.5.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more
Affected Products : soundengine- EPSS Score: %0.14
- Published: Apr. 16, 2018
- Modified: Nov. 21, 2024
-
9.3
HIGHCVE-2011-4055
Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to execute arbitrary code via a long string in a parameter associated with the location URL... Read more
Affected Products : tecnomatix_factorylink- EPSS Score: %9.86
- Published: Jan. 08, 2012
- Modified: Apr. 11, 2025
-
9.3
HIGHCVE-2012-4988
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.... Read more
Affected Products : xnview- EPSS Score: %48.28
- Published: Jul. 09, 2014
- Modified: Apr. 12, 2025
-
9.3
HIGHCVE-2018-0598
Untrusted search path vulnerability in Self-extracting archive files created by IExpress bundled with Microsoft Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more
Affected Products : windows- EPSS Score: %2.51
- Published: Jun. 26, 2018
- Modified: Nov. 21, 2024
-
9.3
CRITICALCVE-2025-27268
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in enituretechnology Small Package Quotes – Worldwide Express Edition allows SQL Injection. This issue affects Small Package Quotes – Worldwide Express Edit... Read more
Affected Products : small_package_quotes- Published: Mar. 03, 2025
- Modified: Mar. 03, 2025
- Vuln Type: Injection
-
9.3
HIGHCVE-2018-4854
A vulnerability has been identified in SICLOCK TC100 (All versions) and SICLOCK TC400 (All versions). An attacker with network access to port 69/udp could modify the administrative client stored on the device. If a legitimate user downloads and executes t... Read more
- EPSS Score: %0.48
- Published: Jul. 03, 2018
- Modified: Nov. 21, 2024
-
9.3
CRITICALCVE-2025-22523
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0.... Read more
Affected Products : schedule- Published: Mar. 28, 2025
- Modified: Mar. 28, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2024-45367
The web server for ONS-S8 - Spectra Aggregation Switch includes an incomplete authentication process, which can lead to an attacker authenticating without a password.... Read more
Affected Products :- Published: Oct. 03, 2024
- Modified: Oct. 04, 2024
-
9.3
CRITICALCVE-2025-46460
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Detheme Easy Guide allows SQL Injection. This issue affects Easy Guide: from n/a through 1.0.0.... Read more
Affected Products :- Published: May. 23, 2025
- Modified: May. 23, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2022-27660
A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.... Read more
- EPSS Score: %0.47
- Published: Aug. 05, 2022
- Modified: Nov. 21, 2024
-
9.3
HIGHCVE-2013-2717
Multiple unspecified vulnerabilities in the System Management (aka SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM) through 9.2 have unknown impact and attack vectors, a different issue than CVE-2013-0935. NOTE: this might overlap CVEs... Read more
Affected Products : smarts_network_configuration_manager- EPSS Score: %0.38
- Published: Mar. 28, 2013
- Modified: Apr. 11, 2025