Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2008-4720

    Multiple PHP remote file inclusion vulnerabilities in The Gemini Portal 4.7 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) page/forums/bottom.php and (2) page/forums/category.php.... Read more

    Affected Products : gemini_portal
    • EPSS Score: %1.30
    • Published: Oct. 23, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-0427

    Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.... Read more

    Affected Products : html_help_workshop
    • EPSS Score: %53.91
    • Published: Jan. 23, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2022-31512

    The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : flask-mvc
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31518

    The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : python-recipe-database
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-0134

    Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector... Read more

    Affected Products : easy_grid_control
    • EPSS Score: %5.64
    • Published: Jan. 16, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-24986

    Improper access control in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Sep. 06, 2024

  • 9.3

    CRITICAL
    CVE-2022-31577

    The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : audio_aligner_app
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-35798

    Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700v3 before 1.0.4.84, R6900P before 1.3.2.124, R7000 before 1.0.11.100, R7000P before 1.3.2.124, R7800 before 1.0.2.74, R785... Read more

    • EPSS Score: %0.38
    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2022-32252

    A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, gran... Read more

    Affected Products : sinema_remote_connect_server
    • EPSS Score: %0.13
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-6238

    SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process XML input securely in the Rest API from Servlet xyformsweb, leading to Missing XML Validation. This affects confidentiality and availability (partially) of SAP Commerce.... Read more

    Affected Products : commerce_cloud commerce
    • EPSS Score: %0.41
    • Published: Apr. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-7922

    Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the app... Read more

    Affected Products : alp-l09_firmware alp-l09
    • EPSS Score: %0.12
    • Published: Sep. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31588

    The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : testplatform
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-10750

    An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An authenticated user can pass a long buffer as a 'staticGet' parameter to the '/userfs/bin/tcapi' binary (in the Diagnostics component) using the 'staticGet <node_name attr>' function and cause ... Read more

    • EPSS Score: %0.97
    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-3842

    Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516.... Read more

    Affected Products : android
    • EPSS Score: %0.46
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    CRITICAL
    CVE-2023-0606

    Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7.... Read more

    Affected Products : ampache
    • EPSS Score: %0.14
    • Published: Feb. 01, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-5279

    Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 might allow remote attackers to execute arbitrary code via a long filename in a BlackHole archive.... Read more

    Affected Products : powerarchiver powerarchiver
    • EPSS Score: %18.33
    • Published: Oct. 09, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-8936

    The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips allow Platform Security Processor (PSP) privilege escalation.... Read more

    • EPSS Score: %0.60
    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-0679

    Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument t... Read more

    Affected Products : chemview
    • EPSS Score: %73.24
    • Published: Feb. 22, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2018-9232

    Due to the lack of firmware authentication in the upgrade process of T&W WIFI Repeater BE126 devices, an attacker can craft a malicious firmware and use it as an update.... Read more

    Affected Products : be126_firmware be126
    • EPSS Score: %0.19
    • Published: May. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-3400

    The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method.... Read more

    Affected Products : nctaudioeditor nctaudiostudio
    • EPSS Score: %6.42
    • Published: Jun. 26, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291812 Results