Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2018-14810

    WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior parse files and pass invalidated user data to an unsafe method call, which may allow code to be executed in the context of an administrator.

    Affected Products : pi_studio pi_studio_hmi
    • EPSS Score: %0.26
    • Published: Oct. 08, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-44480

    Wokka Lokka Q50 devices through 2021-11-30 allow remote attackers (who know the SIM phone number and password) to listen to a device's surroundings via a callback in an SMS command, as demonstrated by the 123456 and 523681 default passwords.

    • EPSS Score: %0.30
    • Published: Dec. 01, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-46363

    An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with...

    Affected Products : magnolia_cms
    • EPSS Score: %1.66
    • Published: Feb. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2011-2740

    EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended ...

    Affected Products : firefox rsa_key_manager_appliance
    • EPSS Score: %3.51
    • Published: Nov. 09, 2011
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2016-6729

    An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility o...

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2016-6739

    An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires...

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2019-2018

    In resetPasswordInternal of DevicePolicyManagerService.java, there is a possible bypass of password reset protection due to an unusual root cause. Remote user interaction is needed for exploitation. Product: Android Versions: Android-8.1 Android-9 Android ID...

    Affected Products : android
    • EPSS Score: %0.08
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2018-4006

    An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the writeConfig functionality. A non-root user is able to write a file anywhere on the system. A user with local access can use this vulnerability to raise...

    Affected Products : shimo_vpn
    • EPSS Score: %0.04
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-1543

    Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server.

    Affected Products : scoold
    • EPSS Score: %0.39
    • Published: Apr. 29, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2014-0328

    The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send an SNMP request and a TFTP response.

    • EPSS Score: %0.31
    • Published: Aug. 15, 2014
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2016-10433

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415,...

    • EPSS Score: %0.17
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2020-17108

    HEVC Video Extensions Remote Code Execution Vulnerability...

    Affected Products : hevc_video_extensions
    • EPSS Score: %8.06
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2016-10562

    iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested ...

    Affected Products : iedriver
    • EPSS Score: %0.77
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2021-32989

    When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting.

    Affected Products : laquis_scada
    • EPSS Score: %0.20
    • Published: May. 25, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2010-3042

    Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitra...

    • EPSS Score: %3.10
    • Published: Feb. 02, 2011
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2010-3099

    Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these de...

    Affected Products : smartftp
    • EPSS Score: %0.17
    • Published: Aug. 20, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2016-10623

    macaca-chromedriver-zxa is a Node.js wrapper for the selenium chromedriver. macaca-chromedriver-zxa downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out t...

    Affected Products : macaca-chromedriver-zxa
    • EPSS Score: %0.77
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2010-3199

    Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same fol...

    Affected Products : tortoisesvn
    • EPSS Score: %2.72
    • Published: Sep. 10, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2021-34083

    Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved fr...

    Affected Products : google-it
    • EPSS Score: %0.58
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2016-10664

    mystem is a Node.js wrapper for MyStem morphology text analyzer by Yandex.ru. mystem downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested bin...

    Affected Products : mystem
    • EPSS Score: %0.77
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291641 Results