Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2022-31561

    The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : sphere_imagebackend
    • EPSS Score: %0.44
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31565

    The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : syrabond
    • EPSS Score: %0.44
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31567

    The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : data_stream_algorithm_benchmark
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31573

    The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : chainerrl-visualizer
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31579

    The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : iasset
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31581

    The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : openmf
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31583

    The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : automatedquizeval
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-5349

    The CSV export in Apache LDAP Studio and Apache Directory Studio before 2.0.0-M10 does not properly escape field values, which might allow attackers to execute arbitrary commands by leveraging a crafted LDAP entry that is interpreted as a formula when imp... Read more

    Affected Products : directory_studio ldap_studio
    • EPSS Score: %1.43
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2409

    A Texas Instruments (TI) haptic kernel driver in Android 6.x before 2016-04-01 allows attackers to gain privileges via a crafted application that leverages control over a service that can call this driver, aka internal bug 25981545.... Read more

    Affected Products : android
    • EPSS Score: %0.16
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2412

    include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, ... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2420

    rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application, aka internal bug 26403620.... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2060

    server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2431

    The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.... Read more

    Affected Products : android nexus_5 nexus_6 nexus_7_\(2013\)
    • EPSS Score: %1.20
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2434

    The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090.... Read more

    Affected Products : android nexus_9
    • EPSS Score: %1.25
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-4782

    Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack."... Read more

    Affected Products : android shareit
    • EPSS Score: %0.53
    • Published: May. 23, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3944

    UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle attackers to execute arbitrary code by spoofing an update response from susapi.lenovomm.com.... Read more

    Affected Products : accelerator_application
    • EPSS Score: %0.41
    • Published: Jun. 03, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2413

    media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a handle pointer, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Sig... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2465

    The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 27407865.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2468

    The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 devices allows attackers to gain privileges via a crafted application, aka internal bug 27475454.... Read more

    Affected Products : android
    • EPSS Score: %0.39
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2477

    mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles pointers, which allows attackers to gain privileges via a crafted application, as dem... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291728 Results