Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2019-16732

    Unencrypted HTTP communications for firmware upgrades in Petalk AI and PF-103 allow man-in-the-middle attackers to run arbitrary code as the root user.... Read more

    • EPSS Score: %0.18
    • Published: Dec. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-13250

    In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of bound write due to a missing out of bounds check because of a multiplication error. This could lead to an remote code execution with no additional execution privileges needed. User int... Read more

    Affected Products : android
    • EPSS Score: %0.21
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-5002

    Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could b... Read more

    Affected Products : chilkat_crypt_activex_control
    • EPSS Score: %66.50
    • Published: Nov. 10, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2020-4721

    IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute a... Read more

    Affected Products : i2_analysts_notebook
    • EPSS Score: %0.22
    • Published: Oct. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-5232

    Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attacker... Read more

    Affected Products : windows_2000 windows windows_nt
    • EPSS Score: %46.19
    • Published: Nov. 26, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-6363

    Stack-based buffer overflow in DesignWorks Professional 4.3.1 and 5.0.7 allows remote attackers to execute arbitrary code via a crafted .cct file. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : designworks
    • EPSS Score: %10.60
    • Published: Mar. 02, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2012-1189

    Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in The Open Racing Car Simulator (TORCS) before 1.3.3 and Speed Dreams allows user-assisted remote attackers to execute arbitrary code via a long file name in an engine sample attribute in... Read more

    Affected Products : torcs speed_dreams
    • EPSS Score: %28.91
    • Published: Oct. 08, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2022-31571

    The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : python-flask-restful-api
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-15123

    In codecov (npm package) before version 3.7.1 the upload method has a command injection vulnerability. Clients of the codecov-node library are unlikely to be aware of this, so they might unwittingly write code that contains a vulnerability. A similar CVE ... Read more

    Affected Products : codecov
    • EPSS Score: %0.15
    • Published: Jul. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-22439

    There is a deserialization vulnerability in Huawei AnyOffice V200R006C10. An attacker can construct a specific request to exploit this vulnerability. Successfully exploiting this vulnerability, the attacker can execute remote malicious code injection and ... Read more

    Affected Products : anyoffice
    • EPSS Score: %0.17
    • Published: Jun. 29, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-7246

    Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.... Read more

    Affected Products : daumgame_activex_control
    • EPSS Score: %38.72
    • Published: Jan. 30, 2014
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2020-27275

    Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products : cncsoft-b dopsoft
    • EPSS Score: %0.49
    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-0266

    Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3l playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely ... Read more

    Affected Products : media_player
    • EPSS Score: %8.99
    • Published: Jan. 26, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0341

    The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.... Read more

    Affected Products : internet_explorer windows_xp
    • EPSS Score: %49.36
    • Published: Jan. 29, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2011-0925

    The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digit... Read more

    Affected Products : secure_desktop
    • EPSS Score: %2.36
    • Published: Feb. 28, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1065

    Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX control (PIWebPlayer.ocx) in PIPI Player 2.8.0.0 allow remote attackers to execute arbitrary code via long arguments to the (1) PlayURL or (2) PlayURLWithLocalPlayer methods.... Read more

    Affected Products : pipi_player
    • EPSS Score: %4.50
    • Published: Feb. 23, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2023-6013

    H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.... Read more

    Affected Products : h2o
    • EPSS Score: %0.24
    • Published: Nov. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-16087

    An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file.... Read more

    Affected Products : windows zalo_desktop
    • EPSS Score: %0.17
    • Published: Aug. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-4619

    EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid usernam... Read more

    • EPSS Score: %2.23
    • Published: Aug. 28, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2020-16208

    The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).... Read more

    • EPSS Score: %0.26
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 291659 Results