Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2017-8208

    The driver of honor 5C, honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user ...

    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2010-1912

    The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks."...

    • Published: May. 12, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2017-9648

    An Uncontrolled Search Path Element issue was discovered in Solar Controls WATTConfig M Software Version 2.5.10.1 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary code on a target syste...

    Affected Products : wattconfig_m
    • Published: Aug. 14, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2016-2493

    The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 26571522....

    Affected Products : android
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2009-2356

    Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long S...

    Affected Products : nulllogic_groupware
    • Published: Jul. 07, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2013-1933

    The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename....

    Affected Products : ruby karteek-docsplit
    • Published: Apr. 25, 2013
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2007-2526

    Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument....

    Affected Products : vnc_manager
    • Published: May. 08, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2010-3916

    Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915....

    Affected Products : ichitaro
    • Published: Nov. 06, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2009-1806

    Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.4.0 SP2, when Active Memory Sharing is used, has unknown impact and attack vectors, related to a shared memory partition and a shared memory pool with redundant paging Virtual ...

    Affected Products : hardware_management_console
    • Published: May. 28, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2019-2133

    In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitat...

    Affected Products : android
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2016-3797

    The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug CR1001450....

    Affected Products : android
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2017-2190

    Untrusted search path vulnerability in RW-4040 tool to verify execution environment for Windows 7 version 1.2.0.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory....

    Affected Products : rw-4040
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2009-4549

    Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .m3l playlist file....

    Affected Products : a2_media_player_pro
    • Published: Jan. 04, 2010
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2019-1987

    In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Androi...

    Affected Products : android
    • Published: Feb. 28, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2009-4754

    Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file....

    Affected Products : audio_player
    • Published: Mar. 29, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2009-4850

    The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file....

    Affected Products : awakening_winds3d_viewer_plugin
    • Published: May. 07, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    CRITICAL
    CVE-2020-36164

    An issue was discovered in Veritas Enterprise Vault through 14.0. On start-up, it loads the OpenSSL library. The OpenSSL library then attempts to load the openssl.cnf configuration file (which does not exist) at the following locations in both the System ...

    Affected Products : windows enterprise_vault
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2020-36169

    An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCenter through 8.3.0.1. Processes using OpenSSL attempt to load and execute libraries from paths that do not exist by default on the Windows operating system. By default, on Windows syste...

    Affected Products : windows netbackup opscenter
    • Published: Jan. 06, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2015-8999

    In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file....

    Affected Products : android
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2020-4433

    Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of ro...

    • Published: Jun. 10, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292870 Results