Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2018-11457

    A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected pr... Read more

    • Published: Dec. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-26912

    NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.... Read more

    Affected Products : netmotion_mobility
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10591

    Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the r... Read more

    Affected Products : prince
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10643

    jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attack... Read more

    Affected Products : jstestdriver
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-21817

    NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other sec... Read more

    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2132

    It is possible to overlay the VPN dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Andr... Read more

    Affected Products : android
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-33256

    A CSV injection vulnerability on the login panel of ManageEngine ADSelfService Plus Version: 6.1 Build No: 6101 can be exploited by an unauthenticated user. The j_username parameter seems to be vulnerable and a reverse shell could be obtained if a privile... Read more

    Affected Products : manageengine_adselfservice_plus
    • Published: Aug. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-35082

    Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC security mode command packet has been received in Snapdragon Industrial IOT... Read more

    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-22710

    A CWE-119:Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could cause remote code execution when malicious CGF (C... Read more

    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-37563

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software... Read more

    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-39692

    In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is... Read more

    Affected Products : android
    • Published: Mar. 16, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31530

    The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : csm_server
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-8389

    An exploitable integer-overflow vulnerability exists within Iceni Argus. When it attempts to convert a malformed PDF to XML, it will attempt to convert each character from a font into a polygon and then attempt to rasterize these shapes. As the applicatio... Read more

    Affected Products : argus
    • Published: Feb. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2013-4988

    Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : icofx
    • Published: Dec. 13, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2023-32113

    SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and mo... Read more

    Affected Products : gui_for_windows
    • Published: May. 09, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-2488

    The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 27600832.... Read more

    Affected Products : android
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2010-4230

    Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument ... Read more

    • Published: Nov. 17, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-0498

    Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file.... Read more

    Affected Products : multimedia_player
    • Published: Jan. 20, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2019-2012

    In rw_t3t_act_handle_fmt_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.P... Read more

    Affected Products : android
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-15529

    An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunisti... Read more

    Affected Products : galaxy
    • Published: Jul. 05, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292811 Results