Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2012-1661

    ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.

    Affected Products : arcgis arcmap
    • EPSS Score: 11.82%
    • Published: Jul. 12, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2009-3930

    Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.

    Affected Products : file file
    • EPSS Score: 0.88%
    • Published: Nov. 10, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2012-0188

    Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.

    • EPSS Score: 8.59%
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2016-6783

    An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. ...

    Affected Products : android
    • EPSS Score: 0.05%
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2009-4480

    Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, thi...

    Affected Products : daqfactory
    • EPSS Score: 4.08%
    • Published: Dec. 30, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2019-9686

    pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name ...

    Affected Products : pacman
    • EPSS Score: 0.52%
    • Published: Mar. 11, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2009-4757

    Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details a...

    Affected Products : ew-musicplayer
    • EPSS Score: 5.57%
    • Published: Mar. 29, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2011-0341

    Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site.

    Affected Products : firefox mupdf
    • EPSS Score: 2.31%
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2009-2484

    Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arb...

    Affected Products : vlc_media_player windows
    • EPSS Score: 68.59%
    • Published: Jul. 16, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-5552

    Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, ...

    Affected Products : ios
    • EPSS Score: 1.60%
    • Published: Oct. 18, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2009-0182

    Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.

    Affected Products : vuplayer
    • EPSS Score: 5.68%
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-2770

    Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue.

    Affected Products : eudora
    • EPSS Score: 4.53%
    • Published: May. 21, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2014-9937

    In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.

    Affected Products : android
    • EPSS Score: 0.06%
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2020-7863

    A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker c...

    Affected Products : raon_k_upload
    • EPSS Score: 0.44%
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2023-43538

    Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.

    • Published: Jun. 03, 2024
    • Modified: Jan. 27, 2025
  • 9.3

    HIGH
    CVE-2013-3928

    Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in Chasys Draw IES before 4.11.02 allows remote attackers to execute arbitrary code via crafted biPlanes and biBitCount fields in a BMP file.

    Affected Products : chasys_draw_ies
    • EPSS Score: 76.87%
    • Published: Mar. 11, 2014
    • Modified: Apr. 12, 2025
  • 9.3

    CRITICAL
    CVE-2022-31504

    The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    Affected Products : baiduwenkuspider_flaskweb
    • EPSS Score: 0.43%
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31515

    The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    Affected Products : carceresbe
    • EPSS Score: 0.41%
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31528

    The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    • EPSS Score: 0.41%
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31535

    The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

    Affected Products : fishtank
    • EPSS Score: 0.41%
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 291804 Results