Latest CVE Feed
-
10.0
HIGHCVE-2022-30310
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper acc... Read more
Affected Products : controller_cecc-x-m1_firmware controller_cecc-x-m1-mv_firmware controller_cecc-x-m1-mv-s1_firmware controller_cecc-x-m1-ys-l1_firmware controller_cecc-x-m1-ys-l2_firmware controller_cecc-x-m1-y-yjkp_firmware servo_press_kit_yjkp_firmware servo_press_kit_yjkp-_firmware controller_cecc-x-m1 controller_cecc-x-m1-mv +6 more products- EPSS Score: %1.09
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-30309
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to impro... Read more
Affected Products : controller_cecc-x-m1_firmware controller_cecc-x-m1-mv_firmware controller_cecc-x-m1-mv-s1_firmware controller_cecc-x-m1-ys-l1_firmware controller_cecc-x-m1-ys-l2_firmware controller_cecc-x-m1-y-yjkp_firmware servo_press_kit_yjkp_firmware servo_press_kit_yjkp-_firmware controller_cecc-x-m1 controller_cecc-x-m1-mv +6 more products- EPSS Score: %0.65
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-27626
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary comma... Read more
- EPSS Score: %2.38
- Published: Oct. 20, 2022
- Modified: Jan. 14, 2025
-
10.0
HIGHCVE-2022-25163
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi El... Read more
- EPSS Score: %0.73
- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-20705
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more
Affected Products : rv340_firmware rv340w_firmware rv345_firmware rv345p_firmware rv160_firmware rv160w_firmware rv260_firmware rv260p_firmware rv260w_firmware small_business_rv_series_router_firmware +9 more products- EPSS Score: %81.48
- Published: Feb. 10, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-37535
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.... Read more
- EPSS Score: %0.34
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-35211
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarW... Read more
Affected Products : serv-u- Actively Exploited
- EPSS Score: %94.00
- Published: Jul. 14, 2021
- Modified: Mar. 12, 2025
-
10.0
HIGHCVE-2021-31755
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.... Read more
- Actively Exploited
- EPSS Score: %94.23
- Published: May. 07, 2021
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2021-26895
Windows DNS Server Remote Code Execution Vulnerability... Read more
- EPSS Score: %9.94
- Published: Mar. 11, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2021-21538
Dell EMC iDRAC9 versions 4.40.00.00 and later, but prior to 4.40.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to gain access to the virtual console.... Read more
- EPSS Score: %1.55
- Published: Jul. 29, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2021-1497
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the... Read more
- Actively Exploited
- EPSS Score: %94.36
- Published: May. 06, 2021
- Modified: Feb. 24, 2025
-
10.0
HIGHCVE-2020-8794
OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mta_session.c for multi-line replies. Although this vulnerability affects the client side of OpenSMTPD, it is possible to attack a server because the server ... Read more
- EPSS Score: %86.79
- Published: Feb. 25, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-8432
In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() function. Double freeing may result in a write-what-where condition, allowing an attacker to execute arbitrary code. NOTE: this vulnerablity was introduced ... Read more
- EPSS Score: %1.20
- Published: Jan. 29, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-3745
Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .... Read more
- EPSS Score: %4.38
- Published: Feb. 13, 2020
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2020-35632
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker ca... Read more
- EPSS Score: %0.22
- Published: Apr. 18, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-35458
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to... Read more
Affected Products : hawk- EPSS Score: %12.99
- Published: Jan. 12, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2020-3161
A vulnerability in the web server for Cisco IP Phones could allow an unauthenticated, remote attacker to execute code with root privileges or cause a reload of an affected IP phone, resulting in a denial of service (DoS) condition. The vulnerability is du... Read more
- Actively Exploited
- EPSS Score: %80.82
- Published: Apr. 15, 2020
- Modified: Feb. 24, 2025
-
10.0
CRITICALCVE-2020-28635
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker ca... Read more
- EPSS Score: %0.43
- Published: Apr. 18, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2020-28606
Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker ca... Read more
- EPSS Score: %0.38
- Published: Apr. 18, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2020-13753
The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TI... Read more
- EPSS Score: %1.33
- Published: Jul. 14, 2020
- Modified: Nov. 21, 2024