Latest CVE Feed
- 10.0 CRITICAL CVE-2023-41721
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by ...
- EPSS Score: %0.24
- Published: Oct. 25, 2023
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2023-2306
Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records.
- Affected Products: nicevision
- EPSS Score: %0.11
- Published: Oct. 05, 2023
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2023-4309
Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend dat...
- Affected Products: internet_election_service
- EPSS Score: %0.56
- Published: Oct. 10, 2023
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2012-1400
Unspecified vulnerability in the U+Box 2.0 Pad (lg.uplusbox.pad) application 2.0.8.4 for Android has unknown impact and attack vectors.
- EPSS Score: %0.43
- Published: Mar. 07, 2012
- Modified: Apr. 11, 2025
- 10.0 HIGH CVE-2012-1396
Unspecified vulnerability in the GO FBWidget (com.gau.go.launcherex.gowidget.fbwidget) application 1.9 and 2.1 for Android has unknown impact and attack vectors.
- EPSS Score: %0.43
- Published: Mar. 07, 2012
- Modified: Apr. 11, 2025
- 10.0 HIGH CVE-2012-1485
Unspecified vulnerability in the NetFront Life Browser (com.access_company.android.nflifebrowser.lite) application 2.2.0 and 2.3.0 for Android has unknown impact and attack vectors.
- EPSS Score: %0.45
- Published: Mar. 15, 2012
- Modified: Apr. 11, 2025
- 10.0 HIGH CVE-2022-0841
OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4.
- Affected Products: npm-lockfile
- EPSS Score: %1.51
- Published: Mar. 03, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2009-0216
GE Fanuc iFIX 5.0 and earlier relies on client-side authentication involving a weakly encrypted local password file, which allows remote attackers to bypass intended access restrictions and start privileged server login sessions by recovering a password o...
- Affected Products: ifix
- EPSS Score: %1.47
- Published: Feb. 13, 2009
- Modified: Apr. 09, 2025
- 10.0 HIGH CVE-2011-0975
Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in Performance Analysis for Servers, Performance Assurance for Servers, and Performance Assurance for Virtual Servers 7.4.00 through 7.5.10; Performance Analyzer and Performance Predictor ...
- EPSS Score: %25.99
- Published: Feb. 10, 2011
- Modified: Apr. 11, 2025
- 10.0 HIGH CVE-2017-0028
A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An a...
- Affected Products: edge
- EPSS Score: %19.63
- Published: Jul. 17, 2017
- Modified: Apr. 20, 2025
- 10.0 CRITICAL CVE-2021-21322
fastify-http-proxy is an npm package which is a fastify plugin for proxying your http requests to another server, with hooks. By crafting a specific URL, it is possible to escape the prefix of the proxied backend service. If the base url of the proxied se...
- Affected Products: fastify-http-proxy
- EPSS Score: %0.45
- Published: Mar. 02, 2021
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2023-24813
Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can still call arbitrary URLs with arbitrary protocols. Dompdf parses the href attribute of `image` tags and respects `...
- Affected Products: dompdf
- EPSS Score: %6.32
- Published: Feb. 07, 2023
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2011-1051
Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation.
- Affected Products: ida
- EPSS Score: %0.46
- Published: Feb. 21, 2011
- Modified: Apr. 11, 2025
- 10.0 HIGH CVE-2020-15920
There is an OS Command Injection in Mida eFramework through 2.9.0 that allows an attacker to achieve Remote Code Execution (RCE) with administrative (root) privileges. No authentication is required.
- Affected Products: eframework
- EPSS Score: %93.93
- Published: Jul. 24, 2020
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2023-29384
Unrestricted Upload of File with Dangerous Type vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin – JobWP. This issue affects WordPress Job Board and Recruitment Plugin – JobWP: from n/a through 2.0.
- Affected Products: jobwp
- EPSS Score: %4.84
- Published: Dec. 20, 2023
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-44630
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in the /cloud_config/router_post/modify_account_pwd feature, which allows malicious users to execute arbitrary code on the system via a crafted post request.
- EPSS Score: %0.90
- Published: Mar. 10, 2022
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2023-30856
eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send a...
- Affected Products: edex-ui
- EPSS Score: %0.14
- Published: Apr. 28, 2023
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-44881
D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request.
- EPSS Score: %8.69
- Published: Feb. 04, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2018-8739
VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation vulnerability in its privileged helper tool. The privileged helper tool implements an XPC interface, which allows arbitrary applications to execute system commands as root.
- Affected Products: vpn_unlimited
- EPSS Score: %0.47
- Published: Mar. 16, 2018
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2014-4502
Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size pa...
- EPSS Score: %0.52
- Published: Jul. 23, 2014
- Modified: Apr. 12, 2025