Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2019-8718

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in watchOS 6, iOS 13, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : iphone_os tvos watchos
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2025-1542

    Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application.This issue affects OXARI ServiceDesk in... Read more

    Affected Products :
    • Published: Mar. 26, 2025
    • Modified: Mar. 27, 2025

  • 9.3

    HIGH
    CVE-2009-1643

    Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file.... Read more

    Affected Products : soritong_mp3_player
    • Published: May. 15, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2011-3874

    Stack-based buffer overflow in libsysutils in Android 2.2.x through 2.2.2 and 2.3.x through 2.3.6 allows user-assisted remote attackers to execute arbitrary code via an application that calls the FrameworkListener::dispatchCommand method with the wrong nu... Read more

    Affected Products : android
    • Published: Jan. 27, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-4217

    Investintech.com SlimPDF Reader does not properly restrict read operations during block data moves, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.... Read more

    Affected Products : slimpdf_reader
    • Published: Nov. 01, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2015-6616

    mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 24630158 and 23882800, a different vulnerab... Read more

    Affected Products : android
    • Published: Dec. 08, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    CRITICAL
    CVE-2022-47555

    Operating system command injection in ekorCCP and ekorRCI, which could allow an authenticated attacker to execute commands, create new users with elevated privileges or set up a backdoor.... Read more

    • Published: Sep. 19, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-2193

    Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of ... Read more

    Affected Products : acdsee photo_editor
    • Published: Apr. 24, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-51990

    jj, or Jujutsu, is a Git-compatible VCS written in rust. In affected versions specially crafted Git repositories can cause `jj` to write files outside the clone. This issue has been addressed in version 0.23.0. Users are advised to upgrade. Users unable t... Read more

    Affected Products :
    • Published: Nov. 07, 2024
    • Modified: Nov. 08, 2024

  • 9.3

    HIGH
    CVE-2012-0227

    Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ComponentOne FlexGrid 7.1, as used in Open Automation Software OPC Systems.NET, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long archive file n... Read more

    Affected Products : flexgrid opcsystems.net
    • Published: Oct. 12, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2024-54234

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through 5.5.... Read more

    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 9.3

    HIGH
    CVE-2008-4798

    The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 (stable) allows remote attackers to execute arbitrary code by uploading a Perl module and accessing it via a crafted URL.... Read more

    Affected Products : webgui
    • Published: Oct. 30, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-1682

    Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists, or ... Read more

    Affected Products : xfile
    • Published: Aug. 27, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-6435

    Stack-based buffer overflow in Novell GroupWise before 6.5.7, when HTML preview of e-mail is enabled, allows user-assisted remote attackers to execute arbitrary code via a long SRC attribute in an IMG element when forwarding or replying to a crafted e-mai... Read more

    Affected Products : groupwise
    • Published: Dec. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2014-9931

    A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value.... Read more

    Affected Products : android
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    CRITICAL
    CVE-2023-36459

    Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and i... Read more

    Affected Products : mastodon
    • Published: Jul. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31505

    The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : mercadoenlineaback
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-0833

    Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 for Winamp 5.541 allows remote attackers to execute arbitrary code via a playlist (.pls) file with a long URL in the File1 field. NOTE: some of these details are obtained from third par... Read more

    Affected Products : winamp gen_msn
    • Published: Mar. 05, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-35304

    System command injection through Netflow function due to improper input validation, allowing attackers to execute arbitrary system commands. This issue affects Pandora FMS: from 700 through <777.... Read more

    Affected Products : pandora_fms pandora_fms
    • Published: Jun. 10, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-4876

    Directory traversal vulnerability in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinC... Read more

    • Published: Feb. 03, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293258 Results