Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2022-33269

    Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment.... Read more

    • EPSS Score: %0.05
    • Published: Apr. 13, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-52959

    A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file.... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 9.3

    CRITICAL
    CVE-2024-55949

    MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue ... Read more

    Affected Products : minio
    • Published: Dec. 16, 2024
    • Modified: Dec. 16, 2024

  • 9.3

    HIGH
    CVE-2011-2654

    The RPC implementation in the server in Novell Cloud Manager 1.1.2 before Patch 3 does not properly initialize objects, which allows remote attackers to execute arbitrary code by making RPC calls that leverage incorrect privileges associated with a partia... Read more

    Affected Products : cloud_manager
    • EPSS Score: %4.33
    • Published: Sep. 06, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2022-23718

    PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or to compromise Ping Identity web servers, could deliver malicious cod... Read more

    • EPSS Score: %0.95
    • Published: Jun. 30, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-7735

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Exnet Informatics Software Ferry Reservation System allows SQL Injection.This issue affects Ferry Reservation System: before 240805-002.... Read more

    Affected Products :
    • Published: Sep. 23, 2024
    • Modified: Sep. 26, 2024

  • 9.3

    HIGH
    CVE-2009-1599

    Opera executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing t... Read more

    Affected Products : opera_browser acrobat_reader
    • EPSS Score: %0.24
    • Published: May. 11, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0734

    Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.... Read more

    Affected Products : nokia_pc_suite
    • EPSS Score: %4.46
    • Published: Feb. 25, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-2916

    Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname.... Read more

    Affected Products : vietcong_2
    • EPSS Score: %2.43
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-0817

    Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0... Read more

    Affected Products : paddlepaddle paddle
    • Published: Mar. 07, 2024
    • Modified: Jan. 19, 2025

  • 9.3

    HIGH
    CVE-2018-0052

    If RSH service is enabled on Junos OS and if the PAM authentication is disabled, a remote unauthenticated attacker can obtain root access to the device. RSH service is disabled by default on Junos. There is no documented CLI command to enable this service... Read more

    • EPSS Score: %8.91
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-37933

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anhvnit Woocommerce OpenPos.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.... Read more

    Affected Products :
    • Published: Jul. 12, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2025-39445

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in highwarden Super Store Finder allows SQL Injection.This issue affects Super Store Finder: from n/a through 7.2.... Read more

    Affected Products : super_store_finder
    • Published: May. 19, 2025
    • Modified: May. 21, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2019-8718

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : iphone_os tvos watchos
    • EPSS Score: %0.27
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2025-1542

    Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application.This issue affects OXARI ServiceDesk in... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025

  • 9.3

    HIGH
    CVE-2009-1643

    Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file.... Read more

    Affected Products : soritong_mp3_player
    • EPSS Score: %7.95
    • Published: May. 15, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2011-3874

    Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong nu... Read more

    Affected Products : android
    • EPSS Score: %25.36
    • Published: Jan. 27, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-4217

    Investintech.com SlimPDF Reader does not properly restrict read operations during block data moves, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.... Read more

    Affected Products : slimpdf_reader
    • EPSS Score: %2.78
    • Published: Nov. 01, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2015-6616

    mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and 23882800, a different vulnerab... Read more

    Affected Products : android
    • EPSS Score: %0.93
    • Published: Dec. 08, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    CRITICAL
    CVE-2022-47555

    Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.... Read more

    • EPSS Score: %0.46
    • Published: Sep. 19, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292386 Results