Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2008-7162

    Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504.... Read more

    Affected Products : hero_super_player_3000
    • Published: Sep. 04, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2015-6033

    Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update.... Read more

    Affected Products : iq_panel
    • Published: Oct. 31, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2018-15418

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected softwa... Read more

    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31501

    The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : onyxforum
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-2884

    PHP remote file inclusion vulnerability in display.php in RSS-aggregator allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : rss_aggregator
    • Published: Jun. 27, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2022-31543

    The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : setupbox
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-11344

    Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-... Read more

    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2014-9789

    The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka An... Read more

    Affected Products : android
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2007-1771

    PHP remote file inclusion vulnerability in manage/javascript/formjavascript.php in Ay System Solutions Web Content System (WCS) 2.7.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[JavascriptEdit] parameter.... Read more

    Affected Products : web_content_system
    • Published: Mar. 30, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-7186

    Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.... Read more

    Affected Products : mymp3pro
    • Published: Dec. 20, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-0476

    Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as ori... Read more

    • Published: Feb. 08, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2012-0269

    Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 through 2011, Ichitaro Government 2006 through 2010, Ichitaro Portable with oreplug, Ichitaro Viewer, JUST School, JUST School 2009 and 2010, JUST Jump 4, JUST Frontier, oreplug, Shuriken Pro... Read more

    • Published: Apr. 27, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2007-4421

    SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie.... Read more

    Affected Products : olatedownload
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2015-8940

    Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR79236... Read more

    Affected Products : android
    • Published: Aug. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2013-3480

    Integer overflow in Sagelight 4.4 and earlier allows remote attackers to execute arbitrary code via crafted width and height dimensions in a BMP file, which triggers a heap-based buffer overflow.... Read more

    Affected Products : sagelight
    • Published: Aug. 09, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-4875

    Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flex... Read more

    • Published: Feb. 03, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2007-6468

    Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: ... Read more

    Affected Products : hammer_of_thyrion
    • Published: Dec. 20, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-3934

    Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file.... Read more

    Affected Products : office_2012 writer_2012
    • Published: Sep. 10, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-5193

    Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit paramet... Read more

    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-2511

    Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the... Read more

    • Published: Jun. 02, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293284 Results