Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2014-9931

    A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value.... Read more

    Affected Products : android
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    CRITICAL
    CVE-2023-36459

    Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and i... Read more

    Affected Products : mastodon
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31505

    The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : mercadoenlineaback
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-0833

    Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third par... Read more

    Affected Products : winamp gen_msn
    • Published: Mar. 05, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-35304

    System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777.... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-4876

    Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinC... Read more

    • Published: Feb. 03, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2018-12455

    Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.... Read more

    Affected Products : nplug_firmware nplug
    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-8752

    The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system.... Read more

    Affected Products : windows webiq
    • Published: Sep. 16, 2024
    • Modified: Sep. 20, 2024

  • 9.3

    HIGH
    CVE-2020-4724

    IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute a... Read more

    Affected Products : i2_analysts_notebook
    • Published: Oct. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-9496

    In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitatio... Read more

    Affected Products : android
    • Published: Oct. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-3248

    Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.... Read more

    Affected Products : pdf_fusion
    • Published: Oct. 03, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-0517

    Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.... Read more

    Affected Products : winlog_pro
    • Published: Jan. 20, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-3599

    userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html.... Read more

    • Published: Sep. 06, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2018-1335

    From Apache Tika versions 1.7 to 1.17, clients could send carefully crafted headers to tika-server that could be used to inject commands into the command line of the server running tika-server. This vulnerability only affects those running tika-server on ... Read more

    Affected Products : tika
    • Published: Apr. 25, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-13540

    An exploitable local privilege elevation vulnerability exists in the file system permissions of the Win-911 Enterprise V4.20.13 install directory via WIN-911 Account Change Utility. Depending on the vector chosen, an attacker can overwrite various executa... Read more

    Affected Products : win-911 mobile-911_server
    • Published: Jan. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-0797

    A elevation of privilege vulnerability in the MediaTek accessory detector driver. Product: Android. Versions: Android kernel. Android ID: A-62459766. References: M-ALPS03353854.... Read more

    Affected Products : android
    • Published: Sep. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0806

    An elevation of privilege vulnerability in the Android framework (gatekeeperresponse). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62998805.... Read more

    Affected Products : android
    • Published: Oct. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2015-6467

    Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin.... Read more

    Affected Products : webaccess advantech_webaccess
    • Published: Jan. 15, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2013-0855

    Integer overflow in the alac_decode_close function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec (ALAC) data, which triggers an out-of-... Read more

    Affected Products : ffmpeg
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2015-6620

    libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127.... Read more

    Affected Products : android
    • Published: Dec. 08, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292770 Results