Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2008-0951

    Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled... Read more

    Affected Products : windows_vista
    • EPSS Score: %55.65
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2011-4783

    The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted remote attackers to execute arbitrary code via a crafted IDB file, related to improper handling of certain swig_runtime_data files in the current working directory.... Read more

    Affected Products : ida idapython
    • EPSS Score: %2.17
    • Published: Dec. 27, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-0812

    Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex) file. NOTE: some of these details are obtained from ... Read more

    Affected Products : hex_workshop
    • EPSS Score: %22.32
    • Published: Mar. 04, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2016-10275

    An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device co... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-10439

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, there is a TOCTOU vulnerability in the input validation for bulletin_board... Read more

    • EPSS Score: %0.14
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10560

    galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the req... Read more

    Affected Products : galenframework-cli
    • EPSS Score: %0.77
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-6730

    Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/fo... Read more

    Affected Products : p-330w_router
    • EPSS Score: %0.16
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2016-10650

    ntfserver is a Network Testing Framework Server. ntfserver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker cont... Read more

    Affected Products : ntfserver
    • EPSS Score: %0.77
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10659

    poco - The POCO libraries, downloads source file resources used for compilation over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker control... Read more

    Affected Products : poco
    • EPSS Score: %0.77
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2016-1929

    The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security No... Read more

    Affected Products : hana
    • EPSS Score: %1.33
    • Published: Jan. 20, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2448

    media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not properly validate entry data structures, which allows attackers to gain ... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2472

    The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27776888.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2486

    mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate the relationship between allocated memory and the frame size, which allows attackers to ga... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2008-0223

    Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file.... Read more

    • EPSS Score: %11.65
    • Published: Jan. 10, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2014-0879

    Stack-based buffer overflow in the Taskmaster Capture ActiveX control in IBM Datacap Taskmaster Capture 8.0.1, and 8.1 before FP2, allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : datacap_taskmaster_capture
    • EPSS Score: %22.90
    • Published: Mar. 21, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3770

    The MediaTek drivers in Android before 2016-07-05 on Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28346752 and MediaTek internal bug ALPS02703102.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3792

    CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles userspace data copying, which allows attackers to gain privileges via a crafted application, aka Android internal bug 27725204 a... Read more

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3867

    The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28919863 and Qualcomm internal bug CR1037897.... Read more

    Affected Products : android
    • EPSS Score: %0.48
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3935

    Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka An... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Oct. 10, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-4126

    Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs list... Read more

    Affected Products : windows air_desktop_runtime
    • EPSS Score: %1.63
    • Published: Jun. 16, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291573 Results