Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2012-0224

    Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0223.... Read more

    Affected Products : aquis
    • Published: Feb. 21, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0113

    Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.... Read more

    Affected Products : pdf_reader pdf_reader_plus
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2017-8142

    The Trusted Execution Environment (TEE) module driver of Mate 9 and Mate 9 Pro smart phones with software versions earlier than MHA-AL00BC00B221 and versions earlier than LON-AL00BC00B221 has a use after free (UAF) vulnerability. An attacker tricks a user... Read more

    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2014-9869

    drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted applicati... Read more

    Affected Products : android
    • Published: Aug. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    CRITICAL
    CVE-2022-31512

    The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : flask-mvc
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-0134

    Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector... Read more

    Affected Products : easy_grid_control
    • Published: Jan. 16, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-24986

    Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 9.3

    CRITICAL
    CVE-2022-31577

    The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : audio_aligner_app
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-35798

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R785... Read more

    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-6238

    SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.... Read more

    Affected Products : commerce_cloud commerce
    • Published: Apr. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-7922

    Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the app... Read more

    Affected Products : alp-l09_firmware alp-l09
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31588

    The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : testplatform
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-5279

    Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 might allow remote attackers to execute arbitrary code via a long filename in a BlackHole archive.... Read more

    Affected Products : powerarchiver powerarchiver
    • Published: Oct. 09, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-8936

    The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation.... Read more

    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-9490

    In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Pro... Read more

    Affected Products : android
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-9521

    In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is... Read more

    Affected Products : android
    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-9577

    In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is nee... Read more

    Affected Products : android
    • Published: Dec. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-4723

    Smarty before 3.0.0, when security is enabled, does not prevent access to the (1) dynamic and (2) private object members of an assigned object, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : smarty
    • Published: Feb. 03, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-3027

    Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino 9.0 before IF3 allows remote attackers to execute arbitrary code via a crafted web page, aka SPR PTHN97XHFW.... Read more

    Affected Products : lotus_domino
    • Published: Aug. 09, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-4321

    Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command.... Read more

    Affected Products : flashget_ftp
    • Published: Sep. 29, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293497 Results