Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2009-3810

    Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.... Read more

    Affected Products : mp3_audio_mixer
    • EPSS Score: %7.58
    • Published: Oct. 27, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-5530

    Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2)... Read more

    • EPSS Score: %0.29
    • Published: Dec. 12, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-5547

    HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filena... Read more

    Affected Products : virobot
    • EPSS Score: %0.29
    • Published: Dec. 12, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-4010

    An exploitable code execution vulnerability exists in the connect functionality of ProtonVPN VPN client 1.5.1. A specially crafted configuration file can cause a privilege escalation, resulting in the ability to execute arbitrary commands with the system'... Read more

    Affected Products : protonvpn
    • EPSS Score: %0.54
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-3969

    Stack-based buffer overflow in Faslo Player 7.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.... Read more

    Affected Products : faslo_player
    • EPSS Score: %4.92
    • Published: Nov. 18, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-5755

    Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494.... Read more

    Affected Products : intellitamper
    • EPSS Score: %9.20
    • Published: Dec. 30, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-4186

    Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.... Read more

    Affected Products : safari windows
    • EPSS Score: %4.30
    • Published: Dec. 03, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-4219

    Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX control in MyActiveX.ocx 1.4.8.0 in Haihaisoft Universal Player allows remote attackers to execute arbitrary code via a long URL property value. NOTE: some of these details are obtained... Read more

    Affected Products : haihaisoft_universal_player
    • EPSS Score: %6.94
    • Published: Dec. 07, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-4251

    Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assisted remote attackers to execute arbitrary code via a crafted PNG file. NOTE: this might be the same issue as CVE-2007-2366.... Read more

    Affected Products : paint_shop_pro
    • EPSS Score: %7.82
    • Published: Dec. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-5406

    The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive acti... Read more

    • EPSS Score: %16.60
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-2211

    Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : patchjgd
    • EPSS Score: %0.14
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2012-4858

    IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before IF2, 10.1.1 before IF2, and 10.2 before IF1 does not properly validate Java serialized input, which allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : cognos_business_intelligence
    • EPSS Score: %1.95
    • Published: Mar. 05, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2018-5846

    A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Fir... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: Jun. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-2725

    Bastet in P10 Plus and P10 smart phones with software earlier than VKY-AL00C00B123 versions, earlier than VTR-AL00C00B123 versions have a buffer overflow vulnerability. An attacker with the root privilege of an Android system may trick a user into install... Read more

    • EPSS Score: %0.17
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2008-6731

    Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkpho... Read more

    Affected Products : flexphplink
    • EPSS Score: %3.29
    • Published: Apr. 20, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-6318

    In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context of the application used to test an exploit or ransomware) the DLL using a payload that runs from NTDLL.DLL (so, it's run in userland), but the driver doesn't perform any validation of th... Read more

    Affected Products : sophos_tester
    • EPSS Score: %0.05
    • Published: Feb. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-5001

    Multiple stack-based buffer overflows in multiple functions in vncviewer/FileTransfer.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allow remote attackers to cause a denial of service (... Read more

    Affected Products : ultravnc ultravnc
    • EPSS Score: %5.54
    • Published: Nov. 10, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-6936

    Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935.... Read more

    Affected Products : exodus
    • EPSS Score: %2.93
    • Published: Aug. 11, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-7937

    In Huawei HiRouter-CD20-10 with the versions before 1.9.6 and WS5200-10 with the versions before 1.9.6, there is a plug-in signature bypass vulnerability due to insufficient plug-in verification. An attacker may tamper with a legitimate plug-in to build a... Read more

    • EPSS Score: %0.07
    • Published: Sep. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8930

    The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3.... Read more

    • EPSS Score: %0.60
    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291728 Results