Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2017-2190

    Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : rw-4040
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2009-4549

    Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .m3l playlist file.... Read more

    Affected Products : a2_media_player_pro
    • Published: Jan. 04, 2010
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-1987

    In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Androi... Read more

    Affected Products : android
    • Published: Feb. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-4754

    Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.... Read more

    Affected Products : audio_player
    • Published: Mar. 29, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-4850

    The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.... Read more

    Affected Products : awakening_winds3d_viewer_plugin
    • Published: May. 07, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2020-36164

    An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the System ... Read more

    Affected Products : windows enterprise_vault
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-36169

    An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows syste... Read more

    Affected Products : windows netbackup opscenter
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-8999

    In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file.... Read more

    Affected Products : android
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2020-4433

    Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of ro... Read more

    • Published: Jun. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-4545

    IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbitrary code on the system, caused by improper loading of Dynamic Link Libraries by the import feature. By persuading a victim to open a specially-crafted .DLL file, an attacker could exp... Read more

    Affected Products : aspera_connect
    • Published: Sep. 04, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-6499

    Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected syste... Read more

    Affected Products : viewpoint
    • Published: Jan. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31462

    Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data.... Read more

    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-7384

    Rapid7's Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim's machine.... Read more

    Affected Products : metasploit
    • Published: Oct. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-8722

    Multiple issues in ld64 in the Xcode toolchains were addressed by updating to version ld64-507.4. This issue is fixed in Xcode 11.0. Compiling code without proper input validation could lead to arbitrary code execution with user privilege.... Read more

    Affected Products : xcode
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-8028

    A Improper Access Control vulnerability in the configuration of salt of SUSE Linux Enterprise Module for SUSE Manager Server 4.1, SUSE Manager Proxy 4.0, SUSE Manager Retail Branch Server 4.0, SUSE Manager Server 3.2, SUSE Manager Server 4.0 allows local ... Read more

    Affected Products : manager_server salt-netapi-client
    • Published: Sep. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-15528

    An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks.... Read more

    Affected Products : galaxy
    • Published: Jul. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-13404

    The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27 directory, which makes it easier for local users to deploy Trojan horse code. (This also affects old 3.x releases before 3.5.) NOTE: the vendor's position is that it is the... Read more

    Affected Products : python windows
    • Published: Jul. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-15415

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected softwa... Read more

    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2021-20791

    Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the isolated environment or settings of the web browser via... Read more

    Affected Products : revoworks_browser
    • Published: Sep. 17, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-15476

    An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and WiFi Button Plus before 2.73. The SSL/TLS server certifi... Read more

    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results