Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2019-8724

    Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege....

    Affected Products : xcode
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2008-2434

    The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 in Housecall_ActiveX.dll allows remote attackers to download an arbitrary library file onto a client system via a "custom update server" argument. NOTE: this can be leveraged for code e...

    Affected Products : housecall housecall
    • Published: Dec. 23, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2017-2729

    The boot loaders in Honor 5A smart phones with software versions earlier than CAM-TL00C01B193, versions earlier than CAM-TL00HC00B193, versions earlier than CAM-UL00C00B193 have a buffer overflow vulnerability. An attacker with the root privilege of an Andr...

    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2015-9003

    In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel....

    Affected Products : android
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2016-6042

    IBM AppScan Enterprise Edition could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of objects in memory. By persuading a victim to open specially-crafted content, an attacker could exploit this vulnerability ...

    Affected Products : security_appscan
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2020-5242

    openHAB before 2.5.2 allows a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all command...

    Affected Products : openhab
    • Published: Feb. 20, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2017-3189

    The dotCMS administration panel, versions 3.7.1 and earlier, "Push Publishing" feature in Enterprise Pro is vulnerable to arbitrary file upload. When "Bundle" tar.gz archives uploaded to the Push Publishing feature are decompressed, there are no checks on...

    Affected Products : dotcms
    • Published: Jul. 24, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2011-1033

    Stack-based buffer overflow in oninit in IBM Informix Dynamic Server (IDS) 11.50 allows remote attackers to execute arbitrary code via crafted arguments in the USELASTCOMMITTED session environment option in a SQL SET ENVIRONMENT statement....

    Affected Products : informix_dynamic_server
    • Published: Feb. 15, 2011
    • Modified: Apr. 11, 2025
  • 9.3

    CRITICAL
    CVE-2019-13412

    A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)....

    Affected Products : gpon_firmware gpon
    • Published: Oct. 17, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2015-1528

    Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted ap...

    Affected Products : android
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2019-1924

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected sof...

    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2011-2589

    Heap-based buffer overflow in the SendLogAction method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 6.11.0609.2 might allow remote attackers to execute arbitrary code via a long argument....

    Affected Products : uuplayer_activex_control uusee
    • Published: Aug. 09, 2011
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2018-15413

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected softwa...

    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2018-15419

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected softwa...

    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2008-1647

    The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files....

    Affected Products : chilkathttp_activex
    • Published: Apr. 02, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2010-2331

    Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to execute arbitrary code via a long HEAD request....

    Affected Products : isharer_file_sharing_wizard
    • Published: Jun. 18, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2021-30355

    Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root....

    Affected Products : kindle_firmware kindle
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2018-4012

    An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker...

    Affected Products : brightcloud
    • Published: Jan. 03, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2019-20606

    An issue was discovered on Samsung mobile devices with any (before May 2019) software. A phishing attack against OMACP can change the network and internet settings. The Samsung ID is SVE-2019-14073 (May 2019)....

    Affected Products : android
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2016-10584

    dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out ...

    Affected Products : dalekjs
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293238 Results