Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    CRITICAL
    CVE-2025-41370

    A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /...

    • Published: Aug. 01, 2025
    • Modified: Aug. 04, 2025
    • Vuln Type: Injection
  • 9.3

    CRITICAL
    CVE-2024-1143

    Central Dogma versions prior to 0.64.1 are vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.

    Affected Products : central_dogma
    • EPSS Score: %0.28
    • Published: Feb. 02, 2024
    • Modified: Jun. 03, 2025
  • 9.3

    HIGH
    CVE-2009-1640

    Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery for Macintosh 4.04 allows user-assisted attackers to execute arbitrary code via a crafted .AMHH file.

    Affected Products : kernel_recovery
    • EPSS Score: %1.43
    • Published: May. 15, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2009-2261

    PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.

    Affected Products : peazip
    • EPSS Score: %70.59
    • Published: Jun. 30, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2018-0649

    Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except pa...

    • EPSS Score: %0.14
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2023-4088

    Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute malicious code, resulting in information disclosure, tampering with and deletion, or a ...

    • EPSS Score: %0.03
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2015-7717

    mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.

    Affected Products : android
    • EPSS Score: %0.21
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2020-0002

    In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android ...

    Affected Products : android
    • EPSS Score: %0.29
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2012-0188

    Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.

    • EPSS Score: %8.59
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2019-9686

    pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name ...

    Affected Products : pacman
    • EPSS Score: %0.52
    • Published: Mar. 11, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2009-4757

    Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details a...

    Affected Products : ew-musicplayer
    • EPSS Score: %5.57
    • Published: Mar. 29, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2009-2484

    Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arb...

    Affected Products : vlc_media_player windows
    • EPSS Score: %68.59
    • Published: Jul. 16, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-5552

    Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, ...

    Affected Products : ios
    • EPSS Score: %1.60
    • Published: Oct. 18, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2009-0182

    Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.

    Affected Products : vuplayer
    • EPSS Score: %5.68
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    CRITICAL
    CVE-2023-43538

    Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.

    • Published: Jun. 03, 2024
    • Modified: Jan. 27, 2025
  • 9.3

    HIGH
    CVE-2013-3928

    Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a BMP file.

    Affected Products : chasys_draw_ies
    • EPSS Score: %76.87
    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025
  • 9.3

    CRITICAL
    CVE-2022-31504

    The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    Affected Products : baiduwenkuspider_flaskweb
    • EPSS Score: %0.43
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31528

    The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31545

    The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    Affected Products : modelconverter
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31547

    The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    Affected Products : sphere
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292318 Results