Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2009-1240

    Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibl... Read more

    • EPSS Score: %1.03
    • Published: Apr. 03, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2019-11210

    The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls a... Read more

    • EPSS Score: %3.46
    • Published: Sep. 18, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-1422

    Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209.... Read more

    • EPSS Score: %2.14
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-1472

    The Java client program for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 has a hardcoded AES encryption key, which makes it easier for man-in-the-middle attackers to (1) execute arbitrary Java cod... Read more

    • EPSS Score: %0.18
    • Published: May. 27, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2017-9769

    A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.... Read more

    Affected Products : synapse
    • EPSS Score: %77.70
    • Published: Aug. 02, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-9811

    The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the pr... Read more

    Affected Products : anti-virus_for_linux_server
    • EPSS Score: %24.67
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2009-1784

    The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass ma... Read more

    Affected Products : avg_anti-virus
    • EPSS Score: %0.44
    • Published: May. 22, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2018-15353

    A Buffer Overflow exploited through web interface by remote attacker can cause remote code execution in Kraftway 24F2XG Router firmware 3.5.30.1118.... Read more

    • EPSS Score: %3.62
    • Published: Aug. 17, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-2272

    Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before 0.4.4 has unknown impact and remote attack vectors.... Read more

    Affected Products : dojo
    • EPSS Score: %0.46
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-15555

    On Telus Actiontec WEB6000Q v1.1.02.22 devices, an attacker can login with root level access with the user "root" and password "admin" by using the enabled onboard UART headers.... Read more

    Affected Products : web6000q_firmware web6000q
    • EPSS Score: %1.16
    • Published: Jun. 28, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-6598

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638.... Read more

    Affected Products : android
    • EPSS Score: %1.40
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2506

    DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a d... Read more

    Affected Products : android
    • EPSS Score: %2.57
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-16167

    LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : logontracer
    • EPSS Score: %87.03
    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-2419

    media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection... Read more

    Affected Products : android
    • EPSS Score: %0.20
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6608

    mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658... Read more

    Affected Products : android
    • EPSS Score: %3.75
    • Published: Nov. 03, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-17849

    A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response.... Read more

    Affected Products : getgo_download_manager
    • EPSS Score: %35.13
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-17877

    An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet (with stateless address autoconfiguration) by default, which makes it easi... Read more

    Affected Products : steam_link_firmware steam_link
    • EPSS Score: %1.27
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2018-1000832

    ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.... Read more

    Affected Products : zoneminder
    • EPSS Score: %8.16
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2018-1000838

    autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted C... Read more

    Affected Products : autopsy
    • EPSS Score: %0.24
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-14127

    Possible buffer overflow while playing mkv clip due to lack of validation of atom size buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in ... Read more

    • EPSS Score: %0.36
    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 290954 Results