Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2009-4148

    DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script inj...

    Affected Products : daz_studio
    • Published: Dec. 04, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2020-28251

    NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to th...

    • Published: Dec. 03, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2020-6774

    Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.

    • Published: May 27, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2024-54152

    Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (u...

    Affected Products : angular-expressions
    • Published: Dec. 10, 2024
    • Modified: Dec. 10, 2024
  • 9.3

    HIGH
    CVE-2011-4052

    Stack-based buffer overflow in CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 allows remote attackers to execute arbitrary code via a crafted 0x15 (aka Remove File) operation for a file with a long nam...

    Affected Products : web_studio indusoft_web_studio
    • Published: Dec. 05, 2011
    • Modified: Apr. 11, 2025
  • 9.3

    CRITICAL
    CVE-2024-2421

    LenelS2 NetBox access control and event monitoring system was discovered to contain an unauthenticated RCE in versions prior to and including 5.6.1, which allows an attacker to execute malicious commands with elevated permissions.

    • Published: May 30, 2024
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-30995

    Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.

    • Published: May 03, 2023
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31531

    The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    Affected Products : cilantro
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31563

    The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    Affected Products : vprj
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31568

    The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    Affected Products : rex-web
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2016-8387

    An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF with an object encoded w/ multiple encoding types terminating with an LZW encoded type, an overflow may occur due to a lack of bounds checking by ...

    Affected Products : argus
    • Published: Feb. 27, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2018-11458

    A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated VNC server on port 5900/tcp of the affected pr...

    • Published: Dec. 12, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-35055

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software...

    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31548

    The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    Affected Products : homepage
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31552

    The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    Affected Products : anuvaad-corpus
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31556

    The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    Affected Products : trainenergyserver
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2008-5073

    Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method.

    Affected Products : zenworks_desktop_management
    • Published: Nov. 14, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2020-3925

    A Remote Code Execution (RCE) vulnerability exists in some designated applications in ServiSign security plugin, as long as the interface is captured, attackers are able to launch RCE and execute arbitrary command on target system via malicious crafted sc...

    Affected Products : windows servisign
    • Published: Feb. 03, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-33232

    Memory corruption due to buffer copy without checking size of input while running memory sharing tests with large scattered memory.

    • Published: Feb. 12, 2023
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2018-9551

    In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploi...

    Affected Products : android
    • Published: Dec. 06, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293259 Results