Latest CVE Feed
- 10.0 HIGH CVE-1999-0878
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
- EPSS Score: %1.35
- Published: Aug. 22, 1999
- Modified: Apr. 03, 2025
- 10.0 HIGH CVE-1999-0874
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
- EPSS Score: %83.54
- Published: Jun. 16, 1999
- Modified: Apr. 03, 2025
- 10.0 HIGH CVE-1999-0662
A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete.
- EPSS Score: %0.48
- Published: Jan. 01, 1999
- Modified: Apr. 03, 2025
- 10.0 HIGH CVE-1999-0527
The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten.
- EPSS Score: %0.35
- Published: Jan. 01, 1999
- Modified: Apr. 03, 2025
- 10.0 HIGH CVE-1999-0198
finger .@host on some systems may print information on some user accounts.
- EPSS Score: %0.48
- Published: Jan. 01, 1999
- Modified: Apr. 03, 2025
- 10.0 CRITICAL CVE-2024-2973
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Onl...
- Published: Jun. 27, 2024
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2023-22518
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Usin... Read more
- Actively Exploited
- EPSS Score: %94.35
- Published: Oct. 31, 2023
- Modified: Feb. 10, 2025
- 10.0 HIGH CVE-2012-5087
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
- EPSS Score: %6.22
- Published: Oct. 16, 2012
- Modified: Apr. 11, 2025
- 10.0 HIGH CVE-2022-30310
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper acc...
Affected Products: controller_cecc-x-m1_firmware controller_cecc-x-m1-mv_firmware controller_cecc-x-m1-mv-s1_firmware controller_cecc-x-m1-ys-l1_firmware controller_cecc-x-m1-ys-l2_firmware controller_cecc-x-m1-y-yjkp_firmware servo_press_kit_yjkp_firmware servo_press_kit_yjkp-_firmware controller_cecc-x-m1 controller_cecc-x-m1-mv +6 more products
- EPSS Score: %1.09
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2022-30309
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to impro...
Affected Products: controller_cecc-x-m1_firmware controller_cecc-x-m1-mv_firmware controller_cecc-x-m1-mv-s1_firmware controller_cecc-x-m1-ys-l1_firmware controller_cecc-x-m1-ys-l2_firmware controller_cecc-x-m1-y-yjkp_firmware servo_press_kit_yjkp_firmware servo_press_kit_yjkp-_firmware controller_cecc-x-m1 controller_cecc-x-m1-mv +6 more products
- EPSS Score: %0.65
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2022-27626
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary comma...
- EPSS Score: %2.38
- Published: Oct. 20, 2022
- Modified: Jan. 14, 2025
- 10.0 HIGH CVE-2022-25163
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi El...
- EPSS Score: %0.73
- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2022-20705
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization...
Affected Products: rv340_firmware rv340w_firmware rv345_firmware rv345p_firmware rv160_firmware rv160w_firmware rv260_firmware rv260p_firmware rv260w_firmware small_business_rv_series_router_firmware +9 more products
- EPSS Score: %81.48
- Published: Feb. 10, 2022
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2021-37535
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
- EPSS Score: %0.34
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2021-35211
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarW...
Affected Products: serv-u
- Actively Exploited
- EPSS Score: %94.00
- Published: Jul. 14, 2021
- Modified: Mar. 12, 2025
- 10.0 HIGH CVE-2021-31755
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
- Actively Exploited
- EPSS Score: %94.23
- Published: May. 07, 2021
- Modified: Apr. 03, 2025
- 10.0 HIGH CVE-2021-26895
Windows DNS Server Remote Code Execution Vulnerability
- EPSS Score: %9.94
- Published: Mar. 11, 2021
- Modified: Nov. 21, 2024
- 10.0 CRITICAL CVE-2021-21538
Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.
- EPSS Score: %1.55
- Published: Jul. 29, 2021
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2021-1497
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the...
- Actively Exploited
- EPSS Score: %94.39
- Published: May. 06, 2021
- Modified: Feb. 24, 2025
- 10.0 HIGH CVE-2020-8794
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server ...
- EPSS Score: %86.79
- Published: Feb. 25, 2020
- Modified: Nov. 21, 2024