Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2015-3863

    Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation,... Read more

    Affected Products : android
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-3876

    libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.... Read more

    Affected Products : android
    • Published: Oct. 02, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6606

    The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 2230178... Read more

    Affected Products : android
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-7361

    FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated management interface, which allows remote attackers to obtain... Read more

    Affected Products : fortios
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6612

    libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426.... Read more

    Affected Products : android
    • Published: Nov. 03, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    CRITICAL
    CVE-2018-3971

    An exploitable arbitrary write vulnerability exists in the 0x2222CC IOCTL handler functionality of Sophos HitmanPro.Alert 3.7.6.744. A specially crafted IRP request can cause the driver to write data under controlled by an attacker address, resulting in m... Read more

    Affected Products : hitmanpro.alert
    • Published: Oct. 25, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-9575

    In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exp... Read more

    Affected Products : android
    • Published: Dec. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-1640

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected softwa... Read more

    • Published: Jan. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-1991

    In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.... Read more

    Affected Products : android
    • Published: Feb. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-1010260

    Using ktlint to download and execute custom rulesets can result in arbitrary code execution as the served jars can be compromised by a MITM. This attack is exploitable via Man in the Middle of the HTTP connection to the artifact servers. This vulnerabilit... Read more

    Affected Products : ktlint
    • Published: Apr. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2018-4049

    An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerab... Read more

    Affected Products : galaxy
    • Published: Apr. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2027

    In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Androi... Read more

    Affected Products : android
    • Published: Apr. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-11416

    A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.... Read more

    Affected Products : iwr_3000n_firmware iwr_3000n
    • Published: Apr. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2019-10309

    Jenkins Self-Organizing Swarm Plug-in Modules Plugin clients that use UDP broadcasts to discover Jenkins masters do not prevent XML External Entity processing when processing the responses, allowing unauthorized attackers on the same network to read arbit... Read more

    Affected Products : self-organizing_swarm_modules
    • Published: Apr. 30, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-11687

    An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b and continuing in current implementations. The 128-byte preamble of a DICOM file that complies with this specification can contain arbitrary executable ... Read more

    Affected Products : dicom_standard
    • Published: May. 02, 2019
    • Modified: Jul. 24, 2025

  • 9.3

    HIGH
    CVE-2018-4062

    A hard-coded credentials vulnerability exists in the snmpd function of the Sierra Wireless AirLink ES450 FW 4.9.3. Activating snmpd outside of the WebUI can cause the activation of the hard-coded credentials, resulting in the exposure of a privileged user... Read more

    • Published: May. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-1773

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected softwa... Read more

    • Published: May. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-3567

    In some configurations an attacker can inject a new executable path into the extensions.load file for osquery and hard link a parent folder of a malicious binary to a folder with known 'safe' permissions. Under those circumstances osquery will load said m... Read more

    Affected Products : osquery
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-1990

    In ihevcd_fmt_conv_420sp_to_420p of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitat... Read more

    Affected Products : android
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2016

    In NFA_SendRawFrame of nfa_dm_api.cc, there is a possible out-of-bound write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Pro... Read more

    Affected Products : android
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293330 Results