Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2017-15860

    In all Qualcomm products with Android releases from CAF using the Linux kernel, while processing an encrypted authentication management frame, a stack buffer overflow may potentially occur.... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-0543

    Untrusted search path vulnerability in Jtrim 1.53c and earlier (Installer) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : jtrim
    • EPSS Score: %0.17
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-44393

    Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the` /admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited ... Read more

    Affected Products : piwigo
    • EPSS Score: %4.70
    • Published: Oct. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8933

    The AMD EPYC Server processor chips have insufficient access control for protected memory regions, aka FALLOUT-1, FALLOUT-2, and FALLOUT-3.... Read more

    Affected Products : epyc_server_firmware epyc_server
    • EPSS Score: %0.49
    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8934

    The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, has a backdoor in firmware, aka CHIMERA-FW.... Read more

    • EPSS Score: %0.60
    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-15325

    The Bdat driver of Prague smart phones with software versions earlier than Prague-AL00AC00B211, versions earlier than Prague-AL00BC00B211, versions earlier than Prague-AL00CC00B211, versions earlier than Prague-TL00AC01B211, versions earlier than Prague-T... Read more

    • EPSS Score: %0.11
    • Published: Mar. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-9141

    On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105.... Read more

    Affected Products : samsung_mobile
    • EPSS Score: %0.76
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-17770

    In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in a power driver ioctl handler, an Untrusted Pointer Dereference may potentially occur.... Read more

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-13277

    In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: ... Read more

    Affected Products : android
    • EPSS Score: %0.72
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-13252

    In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds write due to improper input validation that results in a read from uninitialized memory. This could lead to local escalation of privilege with no additional execution privileges needed. Use... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10231

    An elevation of privilege vulnerability in the Qualcomm sound codec driver. Product: Android. Versions: Android kernel. Android ID: A-33966912. References: QC-CR#1096799.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-12652

    A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code.... Read more

    Affected Products :
    • Published: Dec. 26, 2024
    • Modified: Dec. 26, 2024

  • 9.3

    CRITICAL
    CVE-2021-27080

    Azure Sphere Unsigned Code Execution Vulnerability... Read more

    Affected Products : azure_sphere
    • EPSS Score: %0.32
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-22709

    A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in loss of data or remote code execution w... Read more

    • EPSS Score: %0.70
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-22711

    A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when... Read more

    • EPSS Score: %0.13
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-54292

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Appsplate Appsplate allows SQL Injection.This issue affects Appsplate: from n/a through 2.1.3.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 9.3

    HIGH
    CVE-2021-27245

    This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 prior to Archer C7(US)_V5_210125 and Archer A7(US)_V5_200220 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists ... Read more

    Affected Products : archer_a7_firmware archer_a7
    • EPSS Score: %4.21
    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-25924

    In GoCD, versions 19.6.0 to 21.1.0 are vulnerable to Cross-Site Request Forgery due to missing CSRF protection at the `/go/api/config/backup` endpoint. An attacker can trick a victim to click on a malicious link which could change backup configurations or... Read more

    Affected Products : gocd
    • EPSS Score: %0.93
    • Published: Apr. 01, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-21884

    Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafte... Read more

    • EPSS Score: %0.68
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-13533

    A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files an... Read more

    Affected Products : dream_report remote_connector
    • EPSS Score: %0.04
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291615 Results