Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2021-34083

    Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved fr... Read more

    Affected Products : google-it
    • EPSS Score: %0.58
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2022-24532

    HEVC Video Extensions Remote Code Execution Vulnerability... Read more

    Affected Products : hevc_video_extensions
    • EPSS Score: %1.76
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-4471

    Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via ... Read more

    • EPSS Score: %6.25
    • Published: Oct. 07, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-17896

    Yokogawa STARDOM Controllers FCJ, FCN-100, FCN-RTU, FCN-500, All versions R4.10 and prior, The affected controllers utilize hard-coded credentials which may allow an attacker gain unauthorized access to the maintenance functions and obtain or modify infor... Read more

    • EPSS Score: %0.25
    • Published: Oct. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-37566

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7610, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bound... Read more

    • EPSS Score: %0.55
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-4071

    IBM Tivoli Storage Productivity Center (IBM Spectrum Control Standard Edition 5.2.1 through 5.2.17) could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 157063.... Read more

    • EPSS Score: %1.73
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2021-41274

    solidus_auth_devise provides authentication services for the Solidus webstore framework, using the Devise gem. In affected versions solidus_auth_devise is subject to a CSRF vulnerability that allows user account takeover. All applications using any versio... Read more

    Affected Products : solidus_auth_devise
    • EPSS Score: %0.11
    • Published: Nov. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-13537

    An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService... Read more

    Affected Products : mxview
    • EPSS Score: %0.03
    • Published: Nov. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-33072

    Memory corruption in Core while processing control functions.... Read more

    • EPSS Score: %0.03
    • Published: Feb. 06, 2024
    • Modified: Aug. 11, 2025

  • 9.3

    HIGH
    CVE-2008-5002

    Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could b... Read more

    Affected Products : chilkat_crypt_activex_control
    • EPSS Score: %66.50
    • Published: Nov. 10, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2020-4721

    IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute a... Read more

    Affected Products : i2_analysts_notebook
    • EPSS Score: %0.22
    • Published: Oct. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-5232

    Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attacker... Read more

    Affected Products : windows_2000 windows windows_nt
    • EPSS Score: %46.19
    • Published: Nov. 26, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2020-15123

    In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE ... Read more

    Affected Products : codecov
    • EPSS Score: %0.15
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-6013

    H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.... Read more

    Affected Products : h2o
    • EPSS Score: %0.24
    • Published: Nov. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-16087

    An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file.... Read more

    Affected Products : windows zalo_desktop
    • EPSS Score: %0.17
    • Published: Aug. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-16215

    Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modificati... Read more

    Affected Products : webaccess\/hmi_designer
    • EPSS Score: %0.84
    • Published: Aug. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-6569

    External Control of File Name or Path in h2oai/h2o-3... Read more

    Affected Products : h2o h2o
    • EPSS Score: %0.17
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-39671

    Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-23497

    Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Sep. 12, 2024

  • 9.3

    CRITICAL
    CVE-2024-2796

    A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.... Read more

    Affected Products : akana_api
    • Published: Apr. 18, 2024
    • Modified: Nov. 21, 2024
Showing 20 of 292425 Results