Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2017-10860

    Untrusted search path vulnerability in "i-filter 6.0 installer" timestamp of code signing is before 23 Aug 2017 (JST) allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.... Read more

    Affected Products : i-filter_installer
    • EPSS Score: %0.22
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2008-1217

    Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-... Read more

    Affected Products : lotus_notes notes
    • EPSS Score: %3.42
    • Published: Mar. 09, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-3430

    Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in Eyeball MessengerSDK, as used in products such as SiOL Komunikator 1.3, allows remote attackers to execute arbitrary code via a large argument supplied to the BGColor method. NOTE: thi... Read more

    Affected Products : eyeball_messenger_sdk
    • EPSS Score: %5.62
    • Published: Jul. 31, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2004-1114

    Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777.... Read more

    Affected Products : skype
    • EPSS Score: %14.86
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2017-13251

    In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when running multi threaded with no additional execution privileges needed. User i... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-9007

    In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2015-9020

    In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-14705

    DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication paramete... Read more

    Affected Products : i-suite web_application_firewall
    • EPSS Score: %4.64
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-0826

    libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not require use of the ICameraService::dump method for a camera service dump, which allows attackers to gain privileges via a crafted appl... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Mar. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-10342

    In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a syscall handler.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-10575

    Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping o... Read more

    Affected Products : kindlegen
    • EPSS Score: %0.77
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10684

    healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested res... Read more

    Affected Products : healthcenter
    • EPSS Score: %0.77
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-0926

    A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a... Read more

    Affected Products : secure_desktop
    • EPSS Score: %4.52
    • Published: Feb. 25, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-3853

    Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before FP4a and 9.5 before FP1 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this mi... Read more

    Affected Products : db2_universal_database
    • EPSS Score: %7.98
    • Published: Aug. 28, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2012-2288

    Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.... Read more

    Affected Products : networker
    • EPSS Score: %68.89
    • Published: Sep. 04, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-4050

    A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetText... Read more

    Affected Products : friendly_pppoe_client
    • EPSS Score: %6.62
    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-19560

    BageCMS 3.1.3 has CSRF via upload/index.php?r=admini/admin/ownerUpdate to modify a user account.... Read more

    Affected Products : bagecms
    • EPSS Score: %0.15
    • Published: Nov. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-15817

    In all Qualcomm products with Android releases from CAF using the Linux kernel, when an access point sends a challenge text greater than 128 bytes, the host driver is unable to validate this potentially leading to authentication failure.... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Feb. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-4825

    Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via a crafted (1) CIF, (2) C2D, or (3) GI file.... Read more

    Affected Products : ultraiso
    • EPSS Score: %1.53
    • Published: Apr. 01, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2017-16659

    The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.... Read more

    Affected Products : anti-spam_smtp_proxy
    • EPSS Score: %0.11
    • Published: Nov. 08, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291728 Results