Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2009-0450

    Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier allows remote attackers to execute arbitrary code via a long string in a playlist (aka .plf) file.... Read more

    Affected Products : hdtv_player
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-8931

    The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient access control for the Secure Processor, aka RYZENFALL-1.... Read more

    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-9076

    For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, when changing the name of a share, an attacker can craft a command injection payload using backtick "``" characters in the name parameter. As a result, arbitrary commands m... Read more

    • Published: Sep. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-0466

    A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution ... Read more

    Affected Products : android
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2009-0813

    Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPo... Read more

    Affected Products : teamlinks
    • Published: Mar. 05, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2017-0468

    A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution ... Read more

    Affected Products : android
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8233

    In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write.... Read more

    Affected Products : android
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8236

    In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver.... Read more

    Affected Products : android
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0474

    A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution ... Read more

    Affected Products : android
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8208

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user ... Read more

    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2010-1912

    The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."... Read more

    • Published: May. 12, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2017-9648

    An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target syste... Read more

    Affected Products : wattconfig_m
    • Published: Aug. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-2493

    The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522.... Read more

    Affected Products : android
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2009-2356

    Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long S... Read more

    Affected Products : nulllogic_groupware
    • Published: Jul. 07, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-1933

    The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename.... Read more

    Affected Products : ruby karteek-docsplit
    • Published: Apr. 25, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2007-2526

    Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument.... Read more

    Affected Products : vnc_manager
    • Published: May. 08, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2010-3916

    Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915.... Read more

    Affected Products : ichitaro
    • Published: Nov. 06, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-1806

    Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.4.0 SP2, when Active Memory Sharing is used, has unknown impact and attack vectors, related to a shared memory partition and a shared memory pool with redundant paging Virtual ... Read more

    Affected Products : hardware_management_console
    • Published: May. 28, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-2133

    In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitat... Read more

    Affected Products : android
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-3797

    The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450.... Read more

    Affected Products : android
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292803 Results