Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    CRITICAL
    CVE-2022-47555

    Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor....

    • EPSS Score: 0.46%
    • Published: Sep. 19, 2023
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2007-2193

    Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of ...

    Affected Products : acdsee photo_editor
    • EPSS Score: 75.18%
    • Published: Apr. 24, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    CRITICAL
    CVE-2024-51990

    jj, or Jujutsu, is a Git-compatible VCS written in Rust. In affected versions specially crafted Git repositories can cause `jj` to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable t...

    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024
  • 9.3

    HIGH
    CVE-2012-0227

    Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file n...

    Affected Products : flexgrid opcsystems.net
    • EPSS Score: 7.62%
    • Published: Oct. 12, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    CRITICAL
    CVE-2024-54234

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts allows SQL Injection. This issue affects Limit Login Attempts: from n/a through 5.5....

    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024
  • 9.3

    HIGH
    CVE-2008-4798

    The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL....

    Affected Products : webgui
    • EPSS Score: 3.97%
    • Published: Oct. 30, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-1682

    Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists, or ...

    Affected Products : xfile
    • EPSS Score: 63.26%
    • Published: Aug. 27, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-6435

    Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mai...

    Affected Products : groupwise
    • EPSS Score: 30.04%
    • Published: Dec. 18, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2014-9931

    A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value....

    Affected Products : android
    • EPSS Score: 0.18%
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    CRITICAL
    CVE-2023-36459

    Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and i...

    Affected Products : mastodon
    • EPSS Score: 0.16%
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31505

    The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely....

    Affected Products : mercadoenlineaback
    • EPSS Score: 0.41%
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2009-0833

    Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third par...

    Affected Products : winamp gen_msn
    • EPSS Score: 9.11%
    • Published: Mar. 05, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    CRITICAL
    CVE-2024-35304

    System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777....

    Affected Products : pandora_fms pandora_fms
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2011-4876

    Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinC...

    • EPSS Score: 16.82%
    • Published: Feb. 03, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2018-12455

    Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie....

    Affected Products : nplug_firmware nplug
    • EPSS Score: 45.27%
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2024-8752

    The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system....

    Affected Products : windows webiq
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024
  • 9.3

    HIGH
    CVE-2020-4724

    IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute a...

    Affected Products : i2_analysts_notebook
    • EPSS Score: 0.19%
    • Published: Oct. 29, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2018-9496

    In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitatio...

    Affected Products : android
    • EPSS Score: 1.22%
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2013-3248

    Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file....

    Affected Products : pdf_fusion
    • EPSS Score: 58.19%
    • Published: Oct. 03, 2013
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2011-0517

    Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823....

    Affected Products : winlog_pro
    • EPSS Score: 71.60%
    • Published: Jan. 20, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 292495 Results