Latest CVE Feed
-
10.0
HIGH CVE-2000-0491
Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and wdm allows remote attackers to execute arbitrary commands or cause a denial of service via a long FORWARD_QUERY request.
- EPSS Score: 6.92%
- Published: May. 24, 2000
- Modified: Apr. 03, 2025
-
10.0
HIGH CVE-1999-0953
WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.
- Affected Products: wwwboard
- EPSS Score: 3.19%
- Published: Sep. 16, 1999
- Modified: Apr. 03, 2025
-
10.0
HIGH CVE-1999-0951
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands.
- Affected Products: omnihttpd
- EPSS Score: 4.58%
- Published: Oct. 22, 1999
- Modified: Apr. 03, 2025
-
10.0
HIGH CVE-1999-0878
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
- EPSS Score: 1.35%
- Published: Aug. 22, 1999
- Modified: Apr. 03, 2025
-
10.0
HIGH CVE-1999-0874
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
- EPSS Score: 85.13%
- Published: Jun. 16, 1999
- Modified: Apr. 03, 2025
-
10.0
HIGH CVE-1999-0662
A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete.
- EPSS Score: 0.48%
- Published: Jan. 01, 1999
- Modified: Apr. 03, 2025
-
10.0
HIGH CVE-1999-0527
The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten.
- EPSS Score: 0.35%
- Published: Jan. 01, 1999
- Modified: Apr. 03, 2025
-
10.0
HIGH CVE-1999-0198
finger .@host on some systems may print information on some user accounts.
- EPSS Score: 0.48%
- Published: Jan. 01, 1999
- Modified: Apr. 03, 2025
-
10.0
CRITICAL CVE-2024-2973
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Onl...
- Published: Jun. 27, 2024
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2023-22518
All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Usin...
- Actively Exploited
- EPSS Score: 94.38%
- Published: Oct. 31, 2023
- Modified: Feb. 10, 2025
-
10.0
HIGH CVE-2012-5087
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
- EPSS Score: 6.22%
- Published: Oct. 16, 2012
- Modified: Apr. 11, 2025
-
10.0
HIGH CVE-2022-30310
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper acc...
- Affected Products: controller_cecc-x-m1_firmware, controller_cecc-x-m1-mv_firmware, controller_cecc-x-m1-mv-s1_firmware, controller_cecc-x-m1-ys-l1_firmware, controller_cecc-x-m1-ys-l2_firmware, controller_cecc-x-m1-y-yjkp_firmware, servo_press_kit_yjkp_firmware, servo_press_kit_yjkp-_firmware, controller_cecc-x-m1, controller_cecc-x-m1-mv (+6 more products)
- EPSS Score: 1.09%
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2022-30309
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to impro...
- Affected Products: controller_cecc-x-m1_firmware, controller_cecc-x-m1-mv_firmware, controller_cecc-x-m1-mv-s1_firmware, controller_cecc-x-m1-ys-l1_firmware, controller_cecc-x-m1-ys-l2_firmware, controller_cecc-x-m1-y-yjkp_firmware, servo_press_kit_yjkp_firmware, servo_press_kit_yjkp-_firmware, controller_cecc-x-m1, controller_cecc-x-m1-mv (+6 more products)
- EPSS Score: 0.65%
- Published: Jun. 13, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2022-27626
A vulnerability regarding concurrent execution using shared resource with improper synchronization ('Race Condition') is found in the session processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary comma...
- EPSS Score: 2.38%
- Published: Oct. 20, 2022
- Modified: Jan. 14, 2025
-
10.0
HIGH CVE-2022-25163
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi El...
- EPSS Score: 0.73%
- Published: Jun. 02, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2022-20705
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization...
- Affected Products: rv340_firmware, rv340w_firmware, rv345_firmware, rv345p_firmware, rv160_firmware, rv160w_firmware, rv260_firmware, rv260p_firmware, rv260w_firmware, small_business_rv_series_router_firmware (+9 more products)
- EPSS Score: 81.48%
- Published: Feb. 10, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2021-37535
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges.
- EPSS Score: 0.34%
- Published: Sep. 14, 2021
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2021-35211
Microsoft discovered a remote code execution (RCE) vulnerability in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability. If exploited, a threat actor may be able to gain privileged access to the machine hosting Serv-U Only. SolarW...
- Affected Products: serv-u
- Actively Exploited
- EPSS Score: 94.14%
- Published: Jul. 14, 2021
- Modified: Mar. 12, 2025
-
10.0
HIGH CVE-2021-31755
An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.
- Actively Exploited
- EPSS Score: 94.23%
- Published: May. 07, 2021
- Modified: Apr. 03, 2025
-
10.0
HIGH CVE-2021-26895
Windows DNS Server Remote Code Execution Vulnerability
- EPSS Score: 9.94%
- Published: Mar. 11, 2021
- Modified: Nov. 21, 2024