Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2013-7246

    Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.... Read more

    Affected Products : daumgame_activex_control
    • EPSS Score: %38.72
    • Published: Jan. 30, 2014
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2020-27275

    Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products : cncsoft-b dopsoft
    • EPSS Score: %0.49
    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-0266

    Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3l playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely ... Read more

    Affected Products : media_player
    • EPSS Score: %8.99
    • Published: Jan. 26, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0341

    The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.... Read more

    Affected Products : internet_explorer windows_xp
    • EPSS Score: %49.36
    • Published: Jan. 29, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2011-0925

    The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digit... Read more

    Affected Products : secure_desktop
    • EPSS Score: %2.36
    • Published: Feb. 28, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1065

    Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX control (PIWebPlayer.ocx) in PIPI Player 2.8.0.0 allow remote attackers to execute arbitrary code via long arguments to the (1) PlayURL or (2) PlayURLWithLocalPlayer methods.... Read more

    Affected Products : pipi_player
    • EPSS Score: %4.50
    • Published: Feb. 23, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2023-6013

    H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.... Read more

    Affected Products : h2o
    • EPSS Score: %0.24
    • Published: Nov. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-16087

    An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file.... Read more

    Affected Products : windows zalo_desktop
    • EPSS Score: %0.17
    • Published: Aug. 13, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-4619

    EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 P11, 6.5.2 before P02HF01, and 6.8.x before 6.8.1 P07, when Novell Identity Manager (aka NovellIM) is used, allows remote attackers to bypass authentication via an arbitrary valid usernam... Read more

    • EPSS Score: %2.23
    • Published: Aug. 28, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2020-16208

    The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).... Read more

    • EPSS Score: %0.26
    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-16215

    Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Processing specially crafted project files lacking proper validation of user supplied data may cause a stack-based buffer overflow, which may allow remote code execution, disclosure/modificati... Read more

    Affected Products : webaccess\/hmi_designer
    • EPSS Score: %0.84
    • Published: Aug. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-6569

    External Control of File Name or Path in h2oai/h2o-3... Read more

    Affected Products : h2o h2o
    • EPSS Score: %0.17
    • Published: Dec. 14, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-39671

    Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.... Read more

    Affected Products : emui harmonyos
    • Published: Jul. 25, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-23497

    Out-of-bounds write in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Sep. 12, 2024

  • 9.3

    CRITICAL
    CVE-2022-21796

    A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this v... Read more

    Affected Products : rlc-410w_firmware rlc-410w
    • EPSS Score: %0.67
    • Published: Jan. 28, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-2796

    A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson.... Read more

    Affected Products : akana_api
    • Published: Apr. 18, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-6117

    A Unrestricted upload of file with dangerous type vulnerability in meeting management function in Hamastar MeetingHub Paperless Meetings 2021 allows remote authenticated users to perform arbitrary system commands via a crafted ASP file.... Read more

    Affected Products : meetinghub_paperless_meetings
    • Published: Aug. 05, 2024
    • Modified: Aug. 30, 2024

  • 9.3

    CRITICAL
    CVE-2024-37051

    GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 EAP2; Da... Read more

    Affected Products : intellij_idea mps goland rubymine phpstorm pycharm webstorm rider clion aqua +3 more products
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-1327

    Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.... Read more

    Affected Products : wm_downloader
    • EPSS Score: %10.09
    • Published: Apr. 17, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-1330

    Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.... Read more

    Affected Products : easy_rm_to_mp3_converter
    • EPSS Score: %6.46
    • Published: Apr. 17, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 291804 Results