Latest CVE Feed
-
10.0
CRITICALCVE-2024-23652
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoin... Read more
Affected Products : buildkit- EPSS Score: %3.84
- Published: Jan. 31, 2024
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2024-20419
A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper... Read more
Affected Products : smart_software_manager_on-prem- Published: Jul. 17, 2024
- Modified: Jul. 31, 2025
-
10.0
CRITICALCVE-2023-29017
vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. Prior to version 3.9.15, vm2 was not properly handling host objects passed to `Error.prepareStackTrace` in case of unhandled async errors. A threat actor could bypass t... Read more
Affected Products : vm2- EPSS Score: %79.90
- Published: Apr. 06, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2023-2163
Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape.... Read more
Affected Products : linux_kernel- EPSS Score: %0.08
- Published: Sep. 20, 2023
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-32158
Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vu... Read more
Affected Products : splunk- EPSS Score: %0.80
- Published: Jun. 15, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-30311
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper acc... Read more
Affected Products : controller_cecc-x-m1_firmware controller_cecc-x-m1-mv_firmware controller_cecc-x-m1-mv-s1_firmware controller_cecc-x-m1-ys-l1_firmware controller_cecc-x-m1-ys-l2_firmware controller_cecc-x-m1-y-yjkp_firmware servo_press_kit_yjkp_firmware servo_press_kit_yjkp-_firmware controller_cecc-x-m1 controller_cecc-x-m1-mv +6 more products- EPSS Score: %0.65
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-30308
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improp... Read more
Affected Products : controller_cecc-x-m1_firmware controller_cecc-x-m1-mv_firmware controller_cecc-x-m1-mv-s1_firmware controller_cecc-x-m1-ys-l1_firmware controller_cecc-x-m1-ys-l2_firmware controller_cecc-x-m1-y-yjkp_firmware servo_press_kit_yjkp_firmware servo_press_kit_yjkp-_firmware controller_cecc-x-m1 controller_cecc-x-m1-mv +6 more products- EPSS Score: %0.51
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-27624
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the packet decryption functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified v... Read more
- EPSS Score: %1.46
- Published: Oct. 20, 2022
- Modified: Jan. 14, 2025
-
10.0
HIGHCVE-2022-24720
image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the att... Read more
- EPSS Score: %0.84
- Published: Mar. 01, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-20704
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more
Affected Products : rv340_firmware rv340w_firmware rv345_firmware rv345p_firmware rv160_firmware rv160w_firmware rv260_firmware rv260p_firmware rv260w_firmware small_business_rv_series_router_firmware +9 more products- EPSS Score: %0.93
- Published: Feb. 10, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-20702
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more
Affected Products : rv340_firmware rv340w_firmware rv345_firmware rv345p_firmware rv160_firmware rv160w_firmware rv260_firmware rv260p_firmware rv260w_firmware small_business_rv_series_router_firmware +9 more products- EPSS Score: %2.71
- Published: Feb. 10, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-44228
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker ... Read more
Affected Products : fedora debian_linux active_iq_unified_manager finesse webex_meetings_server fxos oncommand_insight snapcenter enterprise_chat_and_email dna_center +165 more products- Actively Exploited
- EPSS Score: %94.36
- Published: Dec. 10, 2021
- Modified: Aug. 08, 2025
-
10.0
CRITICALCVE-2021-40426
A heap-based buffer overflow vulnerability exists in the sphere.c start_read() functionality of Sound Exchange libsox 14.4.2 and master commit 42b3557e. A specially-crafted file can lead to a heap buffer overflow. An attacker can provide a malicious file ... Read more
- EPSS Score: %0.12
- Published: Apr. 14, 2022
- Modified: Jun. 24, 2025
-
10.0
CRITICALCVE-2021-38397
Honeywell Experion PKS C200, C200E, C300, and ACE controllers are vulnerable to unrestricted file uploads, which may allow an attacker to remotely execute arbitrary code and cause a denial-of-service condition.... Read more
- EPSS Score: %0.12
- Published: Oct. 28, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-20325
Missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd, as shipped in Red Hat Enterprise Linux 8.5.0, causes a security regression compared to the versions shipped in Red Hat Enterprise Linux 8.4. A user who installs or updates to Re... Read more
Affected Products : enterprise_linux- EPSS Score: %0.69
- Published: Feb. 18, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-1289
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. T... Read more
Affected Products : rv160_vpn_router_firmware rv160w_wireless-ac_vpn_router_firmware rv260_vpn_router_firmware rv260p_vpn_router_with_poe_firmware small_business_rv_series_router_firmware rv260w_wireless-ac_vpn_router_firmware rv160w_wireless-ac_vpn_router rv260_vpn_router rv260p_vpn_router_with_poe rv260w_wireless-ac_vpn_router +1 more products- EPSS Score: %1.87
- Published: Feb. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-0249
On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise imp... Read more
- EPSS Score: %0.42
- Published: Apr. 22, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-9633
Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful... Read more
Affected Products : windows_10 windows_8.1 linux_kernel macos flash_player_desktop_runtime flash_player chrome_os windows- EPSS Score: %8.34
- Published: Jun. 12, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-7247
smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affec... Read more
- Actively Exploited
- EPSS Score: %94.04
- Published: Jan. 29, 2020
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2020-6985
In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, these devices use a hard-coded service code for access to the console.... Read more
Affected Products : pt-7528-24tx-hv_firmware pt-7528-24tx-hv-hv_firmware pt-7528-24tx-wv_firmware pt-7528-24tx-wv-hv_firmware pt-7528-24tx-wv-wv_firmware pt-7528-12msc-12tx-4gsfp-hv_firmware pt-7528-12msc-12tx-4gsfp-hv-hv_firmware pt-7528-12msc-12tx-4gsfp-wv_firmware pt-7528-12msc-12tx-4gsfp-wv-wv_firmware pt-7528-12mst-12tx-4gsfp-hv_firmware +100 more products- EPSS Score: %0.30
- Published: Mar. 24, 2020
- Modified: Nov. 21, 2024