Latest CVE Feed
-
10.0
HIGHCVE-2022-28350
Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.... Read more
Affected Products : valhall_gpu_kernel_driver- Published: May. 19, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-28348
Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation.... Read more
- Published: May. 19, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-27593
An externally controlled reference to a resource vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, This could allow an attacker to modify system files. We have already fixed the vulnerability in the following versions... Read more
- Actively Exploited
- Published: Sep. 08, 2022
- Modified: Feb. 12, 2025
-
10.0
HIGHCVE-2022-26501
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).... Read more
Affected Products : veeam_backup_\&_replication- Actively Exploited
- Published: Mar. 17, 2022
- Modified: Apr. 04, 2025
-
10.0
HIGHCVE-2005-0260
Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.... Read more
Affected Products : brightstor_arcserve_backup- Published: May. 02, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2022-24706
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges. The CouchDB documentation has always made recommendations for properly securing an installation, includin... Read more
Affected Products : couchdb- Actively Exploited
- Published: Apr. 26, 2022
- Modified: Jan. 29, 2025
-
10.0
HIGHCVE-2022-24086
Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. Exploitation of this issue does not require user interaction and could result in arbitrary co... Read more
- Actively Exploited
- Published: Feb. 16, 2022
- Modified: Feb. 13, 2025
-
10.0
CRITICALCVE-2022-23658
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this sec... Read more
Affected Products : clearpass_policy_manager- Published: May. 16, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-23227
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users because of the lack of handle_import_user.php authentication. When combined with another flaw (CVE-2011-5325), it ... Read more
- Actively Exploited
- Published: Jan. 14, 2022
- Modified: Mar. 13, 2025
-
10.0
CRITICALCVE-2022-22947
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that coul... Read more
Affected Products : commerce_guided_search communications_cloud_native_core_network_slice_selection_function communications_cloud_native_core_network_repository_function communications_cloud_native_core_network_function_cloud_native_environment communications_cloud_native_core_binding_support_function communications_cloud_native_core_console communications_cloud_native_core_security_edge_protection_proxy communications_cloud_native_core_service_communication_proxy communications_cloud_native_core_network_exposure_function spring_cloud_gateway- Actively Exploited
- Published: Mar. 03, 2022
- Modified: Mar. 13, 2025
-
10.0
HIGHCVE-2022-22586
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.... Read more
Affected Products : macos- Published: Mar. 18, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-20749
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more
- Published: Feb. 10, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-20712
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more
- Published: Feb. 10, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICALCVE-2022-20699
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more
- Actively Exploited
- Published: Feb. 10, 2022
- Modified: Mar. 13, 2025
-
10.0
HIGHCVE-2021-45382
A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L routers via the DDNS function in ncc2 binary file. Note: DIR-810L, DIR-820L, DIR-830L, DIR-826L, DIR-836L, all... Read more
Affected Products : dir-810l_firmware dir-820l_firmware dir-826l_firmware dir-830l_firmware dir-836l_firmware dir-820lw_firmware dir-820l dir-810l dir-826l dir-830l +2 more products- Actively Exploited
- Published: Feb. 17, 2022
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-2734
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.... Read more
Affected Products : netware- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-2689
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.... Read more
Affected Products : newsphp- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-2644
Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags.... Read more
Affected Products : asn.1_compiler- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-2645
Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures."... Read more
Affected Products : asn.1_compiler- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-2623
Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter."... Read more
Affected Products : rippy_the_aggregator- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025