Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2022-31523

    The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : anakin
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31538

    The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : mp-m08-interface
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-1250

    Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containi... Read more

    Affected Products : 320_sip_phone
    • EPSS Score: %0.31
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-9570

    In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation... Read more

    Affected Products : android
    • EPSS Score: %0.18
    • Published: Dec. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-2846

    BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link.... Read more

    Affected Products : sync
    • EPSS Score: %1.65
    • Published: Apr. 13, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2007-5450

    Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.... Read more

    Affected Products : iphone_os safari ipod_touch
    • EPSS Score: %1.81
    • Published: Oct. 14, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2017-0563

    An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.18
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    CRITICAL
    CVE-2020-13532

    A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file t... Read more

    Affected Products : dream_report remote_connector
    • EPSS Score: %0.05
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-0680

    A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37008096.... Read more

    Affected Products : android
    • EPSS Score: %0.21
    • Published: Jul. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2008-2745

    Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in Black Ice Software Annotation Plugin 10.95 allows remote attackers to execute arbitrary code via a long parameter to the AnnoSaveToTiff method.... Read more

    Affected Products : annotation_software
    • EPSS Score: %18.57
    • Published: Jun. 17, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2011-4216

    Investintech.com SlimPDF Reader does not properly restrict write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.... Read more

    Affected Products : slimpdf_reader
    • EPSS Score: %2.79
    • Published: Nov. 01, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2014-5406

    The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via pac... Read more

    • EPSS Score: %0.61
    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-8385

    An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a leng... Read more

    Affected Products : argus
    • EPSS Score: %0.95
    • Published: Feb. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2018-10731

    All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products running firmware version 1.0 to 1.33 are prone to buffer overflows when handling very large cookies (a different vulnerability than CVE-2018-10728).... Read more

    • EPSS Score: %1.47
    • Published: May. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-2244

    Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file.... Read more

    Affected Products : photoshop illustrator golive
    • EPSS Score: %24.17
    • Published: Apr. 25, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2016-8432

    An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device comp... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.24
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2008-2821

    Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-200... Read more

    Affected Products : windows_nt secure_ftp
    • EPSS Score: %2.34
    • Published: Jun. 23, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2010-2702

    Buffer overflow in the UGameEngine::UpdateConnectingMessage function in the Unreal engine 1, 2, and 2.5, as used in multiple games including Unreal Tournament 2004, Unreal tournament 2003, Postal 2, Raven Shield, and SWAT4, when downloads are enabled, all... Read more

    • EPSS Score: %5.50
    • Published: Jul. 12, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2019-2003

    In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause. This could lead to remote code execution or misdirection of clicks with no additional execution privileges needed. User interaction is needed for exploitation.P... Read more

    Affected Products : android
    • EPSS Score: %1.67
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-6639

    The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.... Read more

    Affected Products : android
    • EPSS Score: %7.80
    • Published: Jan. 06, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292428 Results