Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2009-0182

    Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line....

    Affected Products : vuplayer
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    CRITICAL
    CVE-2023-43538

    Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization....

    • Published: Jun. 03, 2024
    • Modified: Jan. 27, 2025
  • 9.3

    HIGH
    CVE-2013-3928

    Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a BMP file....

    Affected Products : chasys_draw_ies
    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025
  • 9.3

    CRITICAL
    CVE-2022-31504

    The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely....

    Affected Products : baiduwenkuspider_flaskweb
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31528

    The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely....

    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31545

    The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely....

    Affected Products : modelconverter
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31547

    The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely....

    Affected Products : sphere
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31554

    The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely....

    Affected Products : movie-review-sentiment-analysis
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2018-7993

    HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has be...

    Affected Products : mate_10_firmware mate_10
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31587

    The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely....

    Affected Products : kg-fashion-chatbot
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2021-35090

    Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...

    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31523

    The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely....

    Affected Products : anakin
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31538

    The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely....

    Affected Products : mp-m08-interface
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2008-1250

    Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containi...

    Affected Products : 320_sip_phone
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2018-9570

    In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation...

    Affected Products : android
    • Published: Dec. 07, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2015-2846

    BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link....

    Affected Products : sync
    • Published: Apr. 13, 2015
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2007-5450

    Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file....

    Affected Products : iphone_os safari ipod_touch
    • Published: Oct. 14, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2017-0563

    An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device...

    Affected Products : android linux_kernel
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    CRITICAL
    CVE-2020-13532

    A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file t...

    Affected Products : dream_report remote_connector
    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2017-0680

    A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37008096....

    Affected Products : android
    • Published: Jul. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293186 Results