Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2011-0500

    Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and VideoSpirit Lite 1.4.0.1 and possibly other versions; allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element ... Read more

    Affected Products : videospirit_lite videospirit_pro
    • Published: Jan. 20, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2017-0679

    A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978.... Read more

    Affected Products : android
    • Published: Jul. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0805

    A elevation of privilege vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37237701.... Read more

    Affected Products : android
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2019-1639

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected softwa... Read more

    • Published: Jan. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-6082

    Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.... Read more

    Affected Products : sciurus_hosting_panel
    • Published: Nov. 22, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-0859

    The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a negative or zero count value in a TIFF image, which triggers an out-of-bounds array access.... Read more

    Affected Products : ffmpeg
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-1264

    Unspecified vulnerability in Gretech GOM Media Player before 2.1.37.5091 allows remote attackers to execute arbitrary code via a crafted AVI file.... Read more

    Affected Products : gom_media_player
    • Published: Mar. 18, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2018-6268

    NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161.... Read more

    Affected Products : android
    • Published: Feb. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-2343

    Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.... Read more

    Affected Products : audio_converter
    • Published: Jun. 21, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4864

    Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted xml file.... Read more

    Affected Products : winlicense
    • Published: Sep. 06, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2016-10581

    Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause re... Read more

    Affected Products : steroids
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-3807

    Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file.... Read more

    Affected Products : mixvibes
    • Published: Oct. 27, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2016-6758

    An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to ... Read more

    Affected Products : android linux_kernel
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2010-2701

    Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow remote attackers to execute arbitrary code via (1) the GetFromURL member or (2) a long argument to the RasIsConnected method.... Read more

    Affected Products : fathftp
    • Published: Jul. 12, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2015-6634

    The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.... Read more

    Affected Products : android
    • Published: Dec. 08, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2008-2470

    The InstallShield Update Service Agent ActiveX control in isusweb.dll allows remote attackers to cause a denial of service (memory corruption and browser crash) and possibly execute arbitrary code via a call to ExecuteRemote with a URL that results in a 4... Read more

    Affected Products : flexnet_connect
    • Published: Sep. 18, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2011-4053

    Untrusted search path vulnerability in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) before 9.0.0.11291 allows local users to gain privileges via a Trojan horse DLL in the current working directory.... Read more

    Affected Products : igss
    • Published: Jan. 19, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-4731

    ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to execute arbitrary commands via shell metacharacters in the pip parameter in an Ajax tag_ipPing request, a different vulnerability than C... Read more

    Affected Products : wixfmr-111
    • Published: Jun. 30, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2021-23154

    In Lens prior to 5.3.4, custom helm chart configuration creates helm commands from string concatenation of provided arguments which are then executed in the user's shell. Arguments can be provided which cause arbitrary shell commands to run on the system.... Read more

    Affected Products : lens
    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-10829

    Untrusted search path vulnerability in Remote Support Tool (Enkaku Support Tool) All versions distributed through the website till 2017 August 10 allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : enkaku_support_tool
    • Published: Sep. 01, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293280 Results