Latest CVE Feed
-
10.0
HIGHCVE-2020-3258
Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local... Read more
Affected Products : ios 1120 1240 ir809g-lte-ga-k9 ir809g-lte-la-k9 ir809g-lte-na-k9 ir809g-lte-vz-k9 ir829-2lte-ea-ak9 ir829-2lte-ea-bk9 ir829-2lte-ea-ek9 +6 more products- EPSS Score: %33.80
- Published: Jun. 03, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-3248
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these ... Read more
- EPSS Score: %39.46
- Published: Apr. 15, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-3247
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these ... Read more
- EPSS Score: %39.46
- Published: Apr. 15, 2020
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2023-30547
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleExcepti... Read more
Affected Products : vm2- EPSS Score: %84.62
- Published: Apr. 17, 2023
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2016-1060
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary ... Read more
- EPSS Score: %10.86
- Published: May. 11, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2011-4861
The modbus_125_handler function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) allows remote attackers to install arbitrary firmware updates via a MODBUS 125 function code to TCP port 502.... Read more
- EPSS Score: %1.36
- Published: Dec. 17, 2011
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2021-36380
Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.... Read more
Affected Products : sureline- Actively Exploited
- EPSS Score: %94.27
- Published: Aug. 13, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2024-29847
Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.... Read more
Affected Products : endpoint_manager- Published: Sep. 12, 2024
- Modified: Sep. 12, 2024
-
10.0
HIGHCVE-2014-5503
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_user opcode.... Read more
Affected Products : cyberoam_os- EPSS Score: %1.28
- Published: Oct. 07, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2012-3964
Use-after-free vulnerability in the gfxTextRun::GetUserData function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute ... Read more
- EPSS Score: %2.13
- Published: Aug. 29, 2012
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2014-5428
Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Autom... Read more
Affected Products : metsys metasys application_and_data_server extended_application_and_data_server lonworks_control_server_lcs8520 network_automation_engine_5510-2 network_automation_engine_5510-2u network_automation_engine_5511-2 network_automation_engine_5520-2 network_automation_engine_5521-2 +3 more products- EPSS Score: %2.65
- Published: Mar. 29, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2012-4163
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.... Read more
- EPSS Score: %7.93
- Published: Aug. 21, 2012
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2016-1085
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service... Read more
- EPSS Score: %5.11
- Published: May. 11, 2016
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2012-4504
Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file.... Read more
Affected Products : libproxy- EPSS Score: %5.63
- Published: Nov. 11, 2012
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2014-5342
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627.... Read more
Affected Products : clearpass- EPSS Score: %2.60
- Published: Nov. 19, 2014
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2013-1903
PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspe... Read more
Affected Products : postgresql- EPSS Score: %0.72
- Published: Apr. 04, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2014-5210
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability than CVE-2014-3804 and CVE-2014-3805.... Read more
Affected Products : open_source_security_information_management- EPSS Score: %13.51
- Published: Aug. 21, 2014
- Modified: Apr. 12, 2025
-
10.0
CRITICALCVE-2024-2013
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway component that if exploited allows attackers without any access to interact with the services and the post-authentication attack surface.... Read more
- Published: Jun. 11, 2024
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2008-2663
Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, and 1.8.7 before 1.8.7-p22 allow context-dependent attackers to execute arbitrary code or cause a denial of service via un... Read more
- EPSS Score: %3.88
- Published: Jun. 24, 2008
- Modified: Apr. 09, 2025
-
10.0
HIGHCVE-2013-0446
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deploymen... Read more
- EPSS Score: %8.54
- Published: Feb. 02, 2013
- Modified: Apr. 11, 2025