Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2022-31545

    The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : modelconverter
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31547

    The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : sphere
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31554

    The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : movie-review-sentiment-analysis
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-4840

    Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName method.... Read more

    Affected Products : cineplayer
    • EPSS Score: %5.09
    • Published: May. 06, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2016-8430

    An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device comp... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.26
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2010-0378

    Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is currently being accessed by a script, leading to memory co... Read more

    Affected Products : windows_xp flash_player
    • EPSS Score: %8.20
    • Published: Jan. 21, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2018-7993

    HUAWEI Mate 10 smartphones with versions earlier than ALP-AL00 8.1.0.311 have a use after free vulnerability on mediaserver component. An attacker tricks the user install a malicious application, which make the software to reference memory after it has be... Read more

    Affected Products : mate_10_firmware mate_10
    • EPSS Score: %0.16
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-3935

    PHP remote file inclusion vulnerability in link_main.php in the SupaNav 1.0.0 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.... Read more

    Affected Products : supanav
    • EPSS Score: %0.54
    • Published: Jul. 21, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2016-8783

    Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than H60-L02_6.12.16 and P9 Plus Versions earlier than VIE-AL10BC00B356 has a stack overflow vulnerabilities. An attacker tricks a user into installing a malicious application on the smart phone, ... Read more

    • EPSS Score: %0.06
    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2012-2915

    Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in PAC Design (.pac) file.... Read more

    Affected Products : pac-designer
    • EPSS Score: %66.07
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2022-31587

    The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : kg-fashion-chatbot
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-9620

    Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    • EPSS Score: %3.44
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2021-35090

    Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile... Read more

    • EPSS Score: %0.18
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31523

    The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : anakin
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31538

    The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : mp-m08-interface
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-41088

    Elvish is a programming language and interactive shell, combined into one package. In versions prior to 0.14.0 Elvish's web UI backend (started by `elvish -web`) hosts an endpoint that allows executing the code sent from the web UI. The backend does not c... Read more

    Affected Products : elvish
    • EPSS Score: %0.24
    • Published: Sep. 23, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-4943

    Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-48... Read more

    Affected Products : storm
    • EPSS Score: %10.82
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2010-0598

    Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator ... Read more

    • EPSS Score: %0.75
    • Published: May. 27, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-1250

    Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containi... Read more

    Affected Products : 320_sip_phone
    • EPSS Score: %0.31
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-7785

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS).This issue affects Electronic Ticket System: before 2024.08... Read more

    Affected Products :
    • Published: Sep. 19, 2024
    • Modified: Sep. 20, 2024
Showing 20 of 291802 Results