Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-3619

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the... Read more

    Affected Products : automatic_service_request
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2018-7172

    In index.php in WonderCMS before 2.4.1, remote attackers can delete arbitrary files via directory traversal.... Read more

    Affected Products : wondercms
    • Published: Feb. 27, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-48454

    In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-9589

    In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wi... Read more

    Affected Products : android
    • Published: Feb. 11, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-48457

    In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Nov. 01, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-47463

    In telecom service, there is a missing permission check. This could lead to local denial of service in telecom service.... Read more

    Affected Products : android s8000 sc7731e sc9832e sc9863a t310 t606 t610 t612 t616 +4 more products
    • Published: Apr. 11, 2023
    • Modified: Feb. 10, 2025

  • 5.5

    MEDIUM
    CVE-2018-11591

    Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by adding validation for a debug trace print statement in jsvar.... Read more

    Affected Products : espruino
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10022

    An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.... Read more

    Affected Products : xpdf
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-1010162

    jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function Jsi_StrcmpDict (jsiChar.c:121). The attack vector is: The victim must execute crafted javascript code. The fixed version is... Read more

    Affected Products : jsish
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-10419

    Jenkins vFabric Application Director Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.... Read more

    Affected Products : vfabric_application_director
    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2024-41938

    A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary cert... Read more

    Affected Products : sinec_nms
    • Published: Aug. 13, 2024
    • Modified: Aug. 14, 2024

  • 5.5

    MEDIUM
    CVE-2017-9498

    The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) and Xfinity XR11-20 Voice Remote devices allows local users to upload arbitrary firmware images to an XR11 by leveraging root access. In other words, there is no protect... Read more

    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2018-15736

    An issue was discovered in STOPzilla AntiMalware 6.5.2.59. The driver file szkg64.sys contains a Denial of Service vulnerability due to not validating the output buffer address value from IOCtl 0x8000204F.... Read more

    Affected Products : antimalware
    • Published: Jun. 21, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2016-2541

    Audacity before 2.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted MP2 file.... Read more

    Affected Products : audacity
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-17042

    An issue has been found in dbf2txt through 2012-07-19. It is a infinite loop.... Read more

    Affected Products : dbf2txt
    • Published: Sep. 14, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-15378

    The Panasonic Eluga Ray 600 Android device with a build fingerprint of Panasonic/ELUGA_Ray_600/ELUGA_Ray_600:8.1.0/O11019/1532692680:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionNa... Read more

    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2018-11596

    Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for the wrong array element in jsvar.c.... Read more

    Affected Products : espruino
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2009-3400

    Unspecified vulnerability in the Oracle Advanced Benefits component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.... Read more

    Affected Products : e-business_suite
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025

  • 5.5

    MEDIUM
    CVE-2017-18281

    A bool variable in Video function, which gets typecasted to int before being read could result in an out of bound read access in all Android releases from CAF using the linux kernel... Read more

    Affected Products : android
    • Published: Oct. 29, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2019-2243

    Possible buffer overflow at the end of iterating loop while getting the version info and lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdra... Read more

    • Published: Jul. 22, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293695 Results