Latest CVE Feed
-
9.9
CRITICALCVE-2023-32231
An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. During installation, binaries gets executed out of a subfolder in C:\Windows\Temp. A standard user can create the folder and path file ahead of time and obtain elevated c... Read more
Affected Products : printerlogic_client- EPSS Score: %0.46
- Published: Jul. 25, 2023
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2023-40020
PrivateUploader is an open source image hosting server written in Vue and TypeScript. In affected versions `app/routes/v3/admin.controller.ts` did not correctly verify whether the user was an administrator (High Level) or moderator (Low Level) causing the... Read more
Affected Products : privateuploader- EPSS Score: %0.19
- Published: Aug. 14, 2023
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2023-40177
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively perfor... Read more
Affected Products : xwiki- EPSS Score: %2.11
- Published: Aug. 23, 2023
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2023-5223
A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to sandbox issue. The attack may be initiated remotely. T... Read more
Affected Products : hcode_online_judge- EPSS Score: %0.20
- Published: Sep. 27, 2023
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2023-45162
Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Application of the relevant hotfix remediates this issue. for v8.1.2 apply hotfix Q23166 for v8.4.1 apply hotfix Q23164 for v9.0.1 apply h... Read more
Affected Products : platform- EPSS Score: %0.10
- Published: Oct. 13, 2023
- Modified: May. 20, 2025
-
9.9
CRITICALCVE-2025-30841
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in adamskaat Countdown & Clock allows Remote Code Inclusion. This issue affects Countdown & Clock: from n/a through 2.8.8.... Read more
Affected Products : countdown_builder- Published: Apr. 01, 2025
- Modified: Apr. 02, 2025
- Vuln Type: Path Traversal
-
9.9
CRITICALCVE-2023-20048
A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is manag... Read more
- EPSS Score: %2.03
- Published: Nov. 01, 2023
- Modified: Nov. 26, 2024
-
9.9
CRITICALCVE-2023-45163
The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM pe... Read more
Affected Products : platform- EPSS Score: %0.10
- Published: Nov. 06, 2023
- Modified: Jun. 12, 2025
-
9.9
CRITICALCVE-2025-46264
Unrestricted Upload of File with Dangerous Type vulnerability in Angelo Mandato PowerPress Podcasting allows Upload a Web Shell to a Web Server. This issue affects PowerPress Podcasting: from n/a through 11.12.5.... Read more
Affected Products : powerpress- Published: Apr. 24, 2025
- Modified: Apr. 29, 2025
- Vuln Type: Authentication
-
9.9
CRITICALCVE-2015-2079
Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.... Read more
- Published: Apr. 28, 2025
- Modified: May. 14, 2025
- Vuln Type: Memory Corruption
-
9.9
CRITICALCVE-2017-16279
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more
- EPSS Score: %0.08
- Published: Jan. 11, 2023
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2017-16320
Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub running firmware version 1012. Specially crafted commands sent through the PubNub service can cause a stack-based buffer overflow ... Read more
- EPSS Score: %0.08
- Published: Jan. 11, 2023
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2017-16343
An attacker could send an authenticated HTTP request to trigger this vulnerability in Insteon Hub running firmware version 1012. At 0x9d01c284 the value for the s_vol_brt_delta key is copied using strcpy to the buffer at 0xa0000510. This buffer is 4 bytes... Read more
- EPSS Score: %0.70
- Published: Aug. 02, 2018
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2018-0238
A vulnerability in the role-based resource checking functionality of the Cisco Unified Computing System (UCS) Director could allow an authenticated, remote attacker to view unauthorized information for any virtual machine in the UCS Director end-user port... Read more
Affected Products : unified_computing_system_director- EPSS Score: %5.07
- Published: Apr. 19, 2018
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2016-2396
The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, Analyzer, and UMA EM5000 7.2, 8.0, and 8.1 before Hotfix 168056 allows remote authenticated users to execute arbitrary commands via vectors related to configuration input.... Read more
- EPSS Score: %0.59
- Published: Feb. 17, 2016
- Modified: Apr. 12, 2025
-
9.9
CRITICALCVE-2019-5114
An exploitable SQL injection vulnerability exists in the authenticated portion of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with parameters containing SQL injection attacks to trigger this ... Read more
Affected Products : youphptube- EPSS Score: %0.58
- Published: Oct. 25, 2019
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2020-27485
Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ prog... Read more
- EPSS Score: %1.09
- Published: Nov. 16, 2020
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2020-35945
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because t... Read more
- EPSS Score: %2.23
- Published: Jan. 01, 2021
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2020-35948
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. Th... Read more
Affected Products : xcloner- EPSS Score: %49.96
- Published: Jan. 01, 2021
- Modified: Nov. 21, 2024
-
9.9
CRITICALCVE-2018-3856
An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command inj... Read more
- EPSS Score: %1.63
- Published: Aug. 23, 2018
- Modified: Nov. 21, 2024