Latest CVE Feed
-
10.0
HIGHCVE-2006-4691
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.... Read more
- EPSS Score: %88.89
- Published: Nov. 14, 2006
- Modified: Apr. 09, 2025
-
10.0
HIGHCVE-2013-0445
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availab... Read more
- EPSS Score: %1.59
- Published: Feb. 02, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2008-0960
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONT... Read more
Affected Products : ios solaris sunos ios_xr ace_4710 catos ingate_firewall ingate_siparator session_and_resource_control cisco_ios +15 more products- EPSS Score: %36.63
- Published: Jun. 10, 2008
- Modified: Apr. 09, 2025
-
10.0
CRITICALCVE-2025-48748
Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.... Read more
Affected Products : directory_manager- Published: May. 29, 2025
- Modified: Jun. 23, 2025
- Vuln Type: Misconfiguration
-
10.0
HIGHCVE-2022-23812
This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code, that targets users with IP located in Russia or Belarus, and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, instead ... Read more
Affected Products : node-ipc- EPSS Score: %5.02
- Published: Mar. 16, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2025-5622
A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5... Read more
- Published: Jun. 05, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Memory Corruption
-
10.0
HIGHCVE-2025-5623
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer over... Read more
- Published: Jun. 05, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Memory Corruption
-
10.0
HIGHCVE-2025-5624
A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_r... Read more
- Published: Jun. 05, 2025
- Modified: Jun. 06, 2025
- Vuln Type: Memory Corruption
-
10.0
CRITICALCVE-2024-48841
Network access can be used to execute arbitrary code with elevated privileges. This issue affects FLXEON 9.3.4 and older.... Read more
Affected Products :- Published: Jan. 27, 2025
- Modified: Feb. 14, 2025
- Vuln Type: Authentication
-
10.0
HIGHCVE-2008-5091
Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before SP10a and 8.8 before SP3 allows attackers to cause a denial of service (application crash) via vectors involving an "invalid extensibleMatch filter."... Read more
Affected Products : edirectory- EPSS Score: %0.59
- Published: Nov. 14, 2008
- Modified: Apr. 09, 2025
-
10.0
CRITICALCVE-2024-50603
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can... Read more
Affected Products : controller- Actively Exploited
- Published: Jan. 08, 2025
- Modified: Jan. 23, 2025
- Vuln Type: Injection
-
10.0
HIGHCVE-2014-7232
GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) 2getin for the insite user, (2) 4$xray for the xruser user, and (3) #superxr for the root user, which has unspecified impact and attack vectors. NOTE: it is not clear whether these password... Read more
- EPSS Score: %0.62
- Published: Aug. 04, 2015
- Modified: Apr. 12, 2025
-
10.0
HIGHCVE-2007-5395
Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the se... Read more
- EPSS Score: %9.44
- Published: Nov. 08, 2007
- Modified: Apr. 09, 2025
-
10.0
CRITICALCVE-2025-22504
Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server.This issue affects 4ECPS Web Forms: from n/a through 0.2.18.... Read more
Affected Products : 4ecps_web_forms- Published: Jan. 09, 2025
- Modified: Jan. 09, 2025
- Vuln Type: Misconfiguration
-
10.0
HIGHCVE-2007-0462
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted... Read more
- EPSS Score: %13.33
- Published: Jan. 26, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGHCVE-2021-1295
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. T... Read more
Affected Products : rv160_vpn_router_firmware rv160w_wireless-ac_vpn_router_firmware rv260_vpn_router_firmware rv260p_vpn_router_with_poe_firmware small_business_rv_series_router_firmware rv260w_wireless-ac_vpn_router_firmware rv160w_wireless-ac_vpn_router rv260_vpn_router rv260p_vpn_router_with_poe rv260w_wireless-ac_vpn_router +1 more products- EPSS Score: %1.87
- Published: Feb. 04, 2021
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2013-5829
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors re... Read more
- EPSS Score: %15.43
- Published: Oct. 16, 2013
- Modified: Apr. 11, 2025
-
10.0
HIGHCVE-2011-2162
Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact ... Read more
- EPSS Score: %0.99
- Published: May. 20, 2011
- Modified: Apr. 11, 2025
-
10.0
CRITICALCVE-2025-32433
Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3, OTP-26.2.5.11, and OTP-25.3.2.20, a SSH server may allow an attacker to perform unauthenticated remote code execution (RCE). By exploiting a flaw in SSH pr... Read more
Affected Products : staros network_services_orchestrator rv340_firmware rv340w_firmware rv345_firmware rv345p_firmware enterprise_nfv_infrastructure_software erlang\/otp rv160_firmware rv160w_firmware +26 more products- Actively Exploited
- Published: Apr. 16, 2025
- Modified: Jul. 30, 2025
- Vuln Type: Authentication
-
10.0
CRITICALCVE-2025-32660
Unrestricted Upload of File with Dangerous Type vulnerability in JoomSky JS Job Manager allows Upload a Web Shell to a Web Server. This issue affects JS Job Manager: from n/a through 2.0.2.... Read more
Affected Products : js_job_manager- Published: Apr. 17, 2025
- Modified: Apr. 17, 2025
- Vuln Type: Misconfiguration