Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2019-1926

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected sof... Read more

    • EPSS Score: %0.30
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-1928

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist because the affected sof... Read more

    • EPSS Score: %0.30
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-5170

    Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 allows remote attackers to execute arbitrary code via a long track name in an m3u playlist.... Read more

    Affected Products : ccmplayer
    • EPSS Score: %65.59
    • Published: Sep. 15, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-3648

    nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.... Read more

    Affected Products : windows_xp
    • EPSS Score: %42.29
    • Published: Aug. 12, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-3702

    Multiple stack-based buffer overflows in the Animation GIF ActiveX control in JComSoft AniGIF.ocx 1.12 and 2.47, as used in products such as SpeedBit Download Accelerator Plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long argument... Read more

    Affected Products : download_accelerator_plus anigif
    • EPSS Score: %5.98
    • Published: Aug. 15, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-15722

    The Logitech Harmony Hub before version 4.15.206 is vulnerable to OS command injection via the time update request. A remote server or man in the middle can inject OS commands with a properly formatted response.... Read more

    Affected Products : harmony_hub_firmware harmony_hub
    • EPSS Score: %1.43
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-6736

    An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of ... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Nov. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-10297

    In TrustZone in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2021-23732

    This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arbitrary OS commands on the host system.... Read more

    Affected Products : docker-cli-js
    • EPSS Score: %0.84
    • Published: Nov. 22, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10435

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450,... Read more

    • EPSS Score: %0.17
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-11457

    A vulnerability has been identified in SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). The integrated web server on port 4842/tcp of the affected pr... Read more

    • EPSS Score: %1.26
    • Published: Dec. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-26912

    NetMotion Mobility before 11.73 and 12.x before 12.02 allows unauthenticated remote attackers to execute arbitrary code as SYSTEM because of Java deserialization in SupportRpcServlet.... Read more

    Affected Products : netmotion_mobility
    • EPSS Score: %35.43
    • Published: Feb. 08, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10591

    Prince is a Node API for executing XML/HTML to PDF renderer PrinceXML via prince(1) CLI. prince downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the r... Read more

    Affected Products : prince
    • EPSS Score: %0.77
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-3139

    Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the... Read more

    Affected Products : windows
    • EPSS Score: %17.05
    • Published: Aug. 27, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2016-10643

    jstestdriver is a wrapper for Google's jstestdriver. jstestdriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attack... Read more

    Affected Products : jstestdriver
    • EPSS Score: %0.77
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-21817

    NVIDIA Omniverse Launcher contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can get user to browse malicious site, to acquire access tokens allowing them to access resources in other sec... Read more

    • EPSS Score: %0.91
    • Published: Feb. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2132

    It is possible to overlay the VPN dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Andr... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-1273

    Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : wt
    • EPSS Score: %0.40
    • Published: Apr. 06, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2021-35062

    A Shell Metacharacter Injection vulnerability in result.php in DRK Odenwaldkreis Testerfassung March-2021 allow an attacker with a valid token of a COVID-19 test result to execute shell commands with the permissions of the web server.... Read more

    Affected Products : testerfassung testerfassung
    • EPSS Score: %0.31
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-4219

    Investintech.com SlimPDF Reader does not prevent faulting-address data from affecting branch selection, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document.... Read more

    Affected Products : slimpdf_reader
    • EPSS Score: %2.79
    • Published: Nov. 01, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 291812 Results