Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2018-9550

    In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: An... Read more

    Affected Products : android
    • EPSS Score: %0.25
    • Published: Dec. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-0465

    The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ALL_IN_THE_BOX.OCX in Synactis ALL In-The-Box ActiveX 3 allows remote attackers to create and overwrite arbitrary files via an argument ending in a '\0' character, which bypasses the inten... Read more

    Affected Products : all_in_the_box.ocx
    • EPSS Score: %6.77
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-11285

    In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429,... Read more

    • EPSS Score: %0.10
    • Published: Sep. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-11551

    AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file is loaded by 'pbxsetup.exe' improperly.... Read more

    Affected Products : axon_pbx
    • EPSS Score: %1.43
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-0501

    The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary pro... Read more

    Affected Products : cognos_disclosure_management
    • EPSS Score: %0.75
    • Published: Apr. 12, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2017-8210

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user ... Read more

    • EPSS Score: %0.18
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8212

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user ... Read more

    • EPSS Score: %0.18
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8268

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the camera application can possibly request frame/command buffer processing with invalid values leading to the driver performing a heap buffer over-read.... Read more

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2013-0655

    The client in Schneider Electric Software Update (SESU) Utility 1.0.x and 1.1.x does not ensure that updates have a valid origin, which allows man-in-the-middle attackers to spoof updates, and consequently execute arbitrary code, by modifying the data str... Read more

    • EPSS Score: %1.58
    • Published: Jan. 21, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0686

    Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, and 5.0- Portal allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document co... Read more

    Affected Products : wonderware_information_server
    • EPSS Score: %0.46
    • Published: May. 09, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0726

    Stack-based buffer overflow in the ERM_convert_to_correct_webpath function in ermapper_u.dll in ERDAS ER Viewer before 13.00.0001 allows remote attackers to execute arbitrary code via a crafted pathname in an ERS file.... Read more

    Affected Products : erdas_er_viewer
    • EPSS Score: %65.42
    • Published: May. 05, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0723

    Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsheets 2012 8.1.0.3030 allow remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via a crafted spreadsheet file.... Read more

    Affected Products : spreadsheets_2012
    • EPSS Score: %7.61
    • Published: Jul. 29, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-1598

    Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on acc... Read more

    Affected Products : chrome
    • EPSS Score: %0.31
    • Published: May. 11, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-1639

    Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Novell 4.03 allows user-assisted attackers to execute arbitrary code via a crafted .NKNT file.... Read more

    Affected Products : kernel_recovery
    • EPSS Score: %1.32
    • Published: May. 15, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-1644

    Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 allows remote attackers to execute arbitrary code via a crafted .pla file.... Read more

    Affected Products : streaming_audio_player
    • EPSS Score: %8.65
    • Published: May. 15, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-1666

    Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite 2.50.3.0 allow remote attackers to execute arbitrary code via the ReturnConnection method in (1) CM_ADOConnection.dll, (2) CM_AddressInfoDBC.dll, and (3) CM_RecordingLocationDBC.dll, relate... Read more

    Affected Products : cycloscopelite
    • EPSS Score: %1.85
    • Published: May. 18, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-14923

    A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback.... Read more

    Affected Products : ezplayer
    • EPSS Score: %0.23
    • Published: Aug. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-3041

    Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitra... Read more

    • EPSS Score: %10.94
    • Published: Feb. 02, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3134

    Untrusted search path vulnerability in Google Earth 5.1.3535.3218 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll that is located in the same folder as a .kmz fi... Read more

    Affected Products : earth
    • EPSS Score: %1.47
    • Published: Aug. 26, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3143

    Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .conta... Read more

    Affected Products : windows
    • EPSS Score: %11.37
    • Published: Aug. 27, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 292522 Results