Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2019-5241

    There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the at... Read more

    Affected Products : pcmanager
    • EPSS Score: %0.07
    • Published: Jun. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-4722

    IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute a... Read more

    Affected Products : i2_analysts_notebook
    • EPSS Score: %0.22
    • Published: Oct. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-5288

    P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root pe... Read more

    Affected Products : p30_firmware p30
    • EPSS Score: %0.14
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-5414

    If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.... Read more

    Affected Products : kill-port
    • EPSS Score: %0.51
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-4710

    Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (rebo... Read more

    Affected Products : android
    • EPSS Score: %78.99
    • Published: Mar. 03, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2011-0487

    ICQ 7 does not verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a crafted file that is fetched through an automatic-update mechanism.... Read more

    Affected Products : icq
    • EPSS Score: %1.05
    • Published: Jan. 18, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-0498

    Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a playlist (.npl) file.... Read more

    Affected Products : multimedia_player
    • EPSS Score: %6.55
    • Published: Jan. 20, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2019-2012

    In rw_t3t_act_handle_fmt_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.P... Read more

    Affected Products : android
    • EPSS Score: %0.14
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-15529

    An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunisti... Read more

    Affected Products : galaxy
    • EPSS Score: %0.08
    • Published: Jul. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-6761

    An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to ... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.15
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8234

    In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8253

    In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace.... Read more

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    CRITICAL
    CVE-2021-43052

    The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret ... Read more

    Affected Products : ftl
    • EPSS Score: %0.22
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-5288

    Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allow remote attackers to execute arbitrary code via a long argument to the (1) cmdExport, (2) cmdImport, (3) cmdOpen, or (4) cmd... Read more

    Affected Products : threedify_designer
    • EPSS Score: %13.24
    • Published: Jan. 01, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    CRITICAL
    CVE-2023-6038

    A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installati... Read more

    Affected Products : h2o
    • EPSS Score: %57.45
    • Published: Nov. 16, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-8204

    The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has t... Read more

    Affected Products : honor_9_firmware honor_9
    • EPSS Score: %0.17
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    CRITICAL
    CVE-2024-1485

    A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archiv... Read more

    • EPSS Score: %0.81
    • Published: Feb. 14, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-17110

    HEVC Video Extensions Remote Code Execution Vulnerability... Read more

    Affected Products : hevc_video_extensions
    • EPSS Score: %8.06
    • Published: Nov. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-7074

    Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not pr... Read more

    Affected Products : i.scribe
    • EPSS Score: %9.12
    • Published: Aug. 25, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-7079

    Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619.... Read more

    Affected Products : showtime
    • EPSS Score: %8.46
    • Published: Aug. 25, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 291804 Results