Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2009-2261

    PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.

    Affected Products: peazip
    • EPSS Score: 70.59%
    • Published: Jun. 30, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2009-2396

    PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.

    Affected Products: wordpress dm_album
    • EPSS Score: 1.89%
    • Published: Jul. 09, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2018-0649

    Untrusted search path vulnerability in the installers of multiple Canon IT Solutions Inc. software programs (ESET Smart Security Premium, ESET Internet Security, ESET Smart Security, ESET NOD32 Antivirus, DESlock+ Pro, and CompuSec (all programs except pa...

    • EPSS Score: 0.14%
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2023-4088

    Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute malicious code, resulting in information disclosure, tampering with and deletion, or a ...

    • EPSS Score: 0.03%
    • Published: Sep. 20, 2023
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2015-8507

    mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than CVE-2015-6616, CVE-2015-850...

    Affected Products: android
    • EPSS Score: 0.93%
    • Published: Dec. 08, 2015
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2009-2784

    Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rights...

    Affected Products: dit.cms
    • EPSS Score: 0.84%
    • Published: Aug. 17, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2015-7717

    mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.

    Affected Products: android
    • EPSS Score: 0.21%
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2021-0514

    In several functions of the V8 library, there is a possible use after free due to a race condition. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for expl...

    Affected Products: android
    • EPSS Score: 2.01%
    • Published: Jul. 14, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2020-0002

    In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android ...

    Affected Products: android
    • EPSS Score: 0.29%
    • Published: Jan. 08, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2009-3658

    Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via a malformed argument to the SetSuperBuddy method.

    Affected Products: superbuddy_activex_control
    • EPSS Score: 22.02%
    • Published: Oct. 09, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2009-3737

    The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.

    • EPSS Score: 6.88%
    • Published: Aug. 17, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2018-1000118

    Github Electron version Electron 1.8.2-beta.4 and earlier contains a Command Injection vulnerability in Protocol Handler that can result in command execute. This attack appears to be exploitable via the victim opening an electron protocol handler in their ...

    Affected Products: electron
    • EPSS Score: 4.78%
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2012-1661

    ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map (.mxd) file.

    Affected Products: arcgis arcmap
    • EPSS Score: 11.82%
    • Published: Jul. 12, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2009-3930

    Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.

    Affected Products: file file
    • EPSS Score: 0.88%
    • Published: Nov. 10, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2012-0188

    Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.

    • EPSS Score: 8.59%
    • Published: Jan. 18, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2016-6783

    An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. ...

    Affected Products: android
    • EPSS Score: 0.05%
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2009-4480

    Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, thi...

    Affected Products: daqfactory
    • EPSS Score: 4.08%
    • Published: Dec. 30, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2019-9686

    pacman before 5.1.3 allows directory traversal when installing a remote package via a specified URL "pacman -U <url>" due to an unsanitized file name received from a Content-Disposition header. pacman renames the downloaded package file to match the name ...

    Affected Products: pacman
    • EPSS Score: 0.52%
    • Published: Mar. 11, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2009-4757

    Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details a...

    Affected Products: ew-musicplayer
    • EPSS Score: 5.57%
    • Published: Mar. 29, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2011-0341

    Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site.

    Affected Products: firefox mupdf
    • EPSS Score: 2.31%
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 292099 Results