Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2014-8358

    Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the "Mobile Partner" directory, which allows remote attacke... Read more

    • EPSS Score: %0.78
    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-15049

    The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.... Read more

    Affected Products : zoom
    • EPSS Score: %28.86
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-17409

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal... Read more

    Affected Products : internet_security_2018
    • EPSS Score: %1.28
    • Published: Dec. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-17410

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security 2018. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a mal... Read more

    Affected Products : internet_security_2018
    • EPSS Score: %1.28
    • Published: Dec. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-10909

    Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : music_center music_center_for_pc
    • EPSS Score: %0.11
    • Published: Dec. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-15316

    The GPU driver of Mate 9 Huawei smart phones with software before MHA-AL00B 8.0.0.334(C00) and Mate 9 Pro Huawei smart phones with software before LON-AL00B 8.0.0.334(C00) has a memory double free vulnerability. An attacker tricks a user into installing a... Read more

    • EPSS Score: %0.11
    • Published: Dec. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-16897

    A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sig... Read more

    Affected Products : passport-wsfed-saml2
    • EPSS Score: %0.42
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    CRITICAL
    CVE-2023-31191

    DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. An attacker can exploit this vulnerability by injecting, on carefully selected channels, high power spoofed Open Dro... Read more

    • EPSS Score: %0.03
    • Published: Jul. 11, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-13176

    In the parseURL function of URLStreamHandler, there is improper input validation of the host field. This could lead to a remote elevation of privilege that could enable bypassing user interaction requirements with no additional execution privileges needed... Read more

    Affected Products : android
    • EPSS Score: %0.69
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-0507

    Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DL... Read more

    • EPSS Score: %0.17
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-1632

    htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.... Read more

    Affected Products : eventum
    • EPSS Score: %16.90
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-21651

    Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.... Read more

    • EPSS Score: %0.05
    • Published: Aug. 08, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2012-5359

    Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.77
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-13230

    In hevc codec, there is an out-of-bounds write due to an incorrect bounds check with the i2_pic_width_in_luma_samples value. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for e... Read more

    Affected Products : android
    • EPSS Score: %1.62
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-0858

    ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, C... Read more

    Affected Products : chakracore
    • EPSS Score: %30.16
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-5796

    A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 Series Network Switches version RA.15.05.0006 was found.... Read more

    • EPSS Score: %0.49
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2012-0771

    Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0759.... Read more

    Affected Products : shockwave_player
    • EPSS Score: %6.37
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-15860

    In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-0543

    Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : jtrim
    • EPSS Score: %0.17
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-44393

    Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the` /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited ... Read more

    Affected Products : piwigo
    • EPSS Score: %4.70
    • Published: Oct. 09, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 291573 Results