Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2008-4749

    Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, an... Read more

    Affected Products : vimp_x
    • EPSS Score: %2.72
    • Published: Oct. 27, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-5176

    Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename ... Read more

    Affected Products : wincom_mpd_total
    • EPSS Score: %8.20
    • Published: Nov. 20, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-0632

    Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root direct... Read more

    Affected Products : lightblog
    • EPSS Score: %7.84
    • Published: Feb. 06, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-6748

    Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI.... Read more

    Affected Products : megacubo
    • EPSS Score: %7.29
    • Published: Apr. 24, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2011-4644

    Splunk 4.2.5 and earlier, when a Free license is selected, enables potentially undesirable functionality within an environment that intentionally does not support authentication, which allows remote attackers to (1) read arbitrary files via a management-c... Read more

    Affected Products : splunk
    • EPSS Score: %6.66
    • Published: Jan. 03, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2016-10572

    mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an... Read more

    Affected Products : mongodb-instance
    • EPSS Score: %0.77
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10688

    Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested reso... Read more

    Affected Products : haxe
    • EPSS Score: %0.77
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10691

    windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requeste... Read more

    Affected Products : windows-seleniumjar
    • EPSS Score: %0.77
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-1495

    Integer overflow in the graphics drivers in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or g... Read more

    Affected Products : mate_s_firmware mate_s
    • EPSS Score: %0.06
    • Published: Apr. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2452

    codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate buffer sizes, which allows attackers to gain privileges via a crafted applicatio... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2466

    The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka internal bug 27947307.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2481

    The mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 mishandles a buffer count, which allows attackers to gain privileges via a crafted application, as demonstrated ... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2008-0311

    Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.... Read more

    Affected Products : caliberrm
    • EPSS Score: %65.00
    • Published: Apr. 06, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2016-3793

    The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026625.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3803

    The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3800

    The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175027 and MediaTek internal bug ALPS02693739.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3866

    The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820.... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Sep. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2004-0259

    The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS)... Read more

    Affected Products : formmail.php
    • EPSS Score: %0.67
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2016-5234

    Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software before V500R002C00SPC200 and RSE6500 videoconference devices with software before V500R002C00SPC100, when an unspecified service is enabled, allows remote a... Read more

    • EPSS Score: %1.67
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2014-3444

    The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file.... Read more

    Affected Products : realplayer
    • EPSS Score: %25.90
    • Published: May. 20, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 291717 Results