Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2017-10893

    Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software" Ver3.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    • EPSS Score: %0.11
    • Published: Dec. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-11015

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_MAC_AUTH_CHALLENGE_LENGTH is set to 128 which may result in buffer overflow since the frame parser allows challenge... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-11041

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another.... Read more

    Affected Products : android
    • EPSS Score: %0.14
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-11069

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, manipulation of SafeSwitch Image data can result in Heap overflow.... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-10954

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target ... Read more

    Affected Products : internet_security_2018
    • EPSS Score: %6.34
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2015-8889

    The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067.... Read more

    Affected Products : android
    • EPSS Score: %0.14
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2017-13228

    In function ih264d_ref_idx_reordering of libavc, there is an out-of-bounds write due to modCount being defined as an unsigned character. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed fo... Read more

    Affected Products : android
    • EPSS Score: %0.46
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-9006

    In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-14263

    Honeywell NVR devices allow remote attackers to create a user account in the admin group by leveraging access to a guest account to obtain a session ID, and then sending that session ID in a userManager.addUser request to the /RPC2 URI. The attacker can l... Read more

    • EPSS Score: %24.42
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-15849

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a LayerStack can be destroyed in between Validate and Commit by the application resulting in a Use After Free condition.... Read more

    Affected Products : android
    • EPSS Score: %0.10
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10666

    tomita-parser is a Node wrapper for Yandex Tomita Parser tomita-parser downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with a... Read more

    Affected Products : tomita-parser
    • EPSS Score: %0.77
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10679

    selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible t... Read more

    Affected Products : selenium-standalone-painful
    • EPSS Score: %0.77
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-3364

    Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.... Read more

    Affected Products : officescan officescan
    • EPSS Score: %48.65
    • Published: Jul. 30, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2015-5474

    BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol.... Read more

    Affected Products : utorrent bittorrent
    • EPSS Score: %1.22
    • Published: Aug. 13, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2018-20106

    In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root t... Read more

    Affected Products : yast2-printer
    • EPSS Score: %0.14
    • Published: Mar. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-3156

    The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.... Read more

    Affected Products : panda_activescan
    • EPSS Score: %9.50
    • Published: Jul. 11, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-1703

    Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message.... Read more

    • EPSS Score: %11.65
    • Published: Apr. 11, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-1709

    Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long malformed Project line beginning with a 'Project("{}") =' sequence, probably a different vector t... Read more

    Affected Products : visual_interdev
    • EPSS Score: %35.45
    • Published: Apr. 09, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-2646

    Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4 allow user-assisted remote... Read more

    • EPSS Score: %2.64
    • Published: Jul. 30, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-2650

    Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file.... Read more

    Affected Products : multimedia_jukebox
    • EPSS Score: %61.67
    • Published: Jul. 30, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 291804 Results