Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2021-34078

    lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file.... Read more

    Affected Products : lifion-verifiy-dependencies
    • EPSS Score: %1.54
    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-15412

    A vulnerability in the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerability exist because the affected softwa... Read more

    • EPSS Score: %0.23
    • Published: Oct. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-10822

    Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program (program released on 2013 September 30) distributed on the website until 2017 May 17 allows an attacker to gain privileges via a Trojan horse DLL i... Read more

    • EPSS Score: %0.32
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-10887

    Untrusted search path vulnerability in BOOK WALKER for Windows Ver.1.2.9 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : windows book_walker
    • EPSS Score: %0.14
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2010-3157

    Untrusted search path vulnerability in XacRett before 50 allows attackers to execute arbitrary code via a Trojan horse executable file, related to the explorer.exe filename and use of Windows Explorer.... Read more

    Affected Products : xacrett
    • EPSS Score: %0.85
    • Published: Oct. 19, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-4586

    Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute m... Read more

    Affected Products : flexnet_connect
    • EPSS Score: %5.94
    • Published: Oct. 15, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2022-31516

    The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : harveyzyh_python
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2022-31584

    The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.... Read more

    Affected Products : s3label
    • EPSS Score: %0.41
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-15271

    In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on t... Read more

    Affected Products : lookatme
    • EPSS Score: %0.36
    • Published: Oct. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-1439

    PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter.... Read more

    Affected Products : mysql_commander
    • EPSS Score: %7.98
    • Published: Mar. 13, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2021-40157

    A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.... Read more

    Affected Products : fbx_review
    • EPSS Score: %0.14
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-3397

    Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ts... Read more

    Affected Products : desktop
    • EPSS Score: %2.28
    • Published: Sep. 15, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2014-9799

    The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler o... Read more

    Affected Products : android
    • EPSS Score: %0.14
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2476

    mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or S... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2007-1628

    Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.in... Read more

    Affected Products : studiewijzer
    • EPSS Score: %9.04
    • Published: Mar. 23, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-16364

    A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.... Read more

    • EPSS Score: %2.36
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-7283

    The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.... Read more

    Affected Products : nbg-418n_firmware nbg-418n
    • EPSS Score: %1.58
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2017-14591

    Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.... Read more

    Affected Products : crucible fisheye
    • EPSS Score: %0.65
    • Published: Nov. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2020-4468

    IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability t... Read more

    Affected Products : windows i2_analysts_notebook
    • EPSS Score: %1.32
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-1107

    Multiple stack-based buffer overflows in the Danske Bank e-Sec Control Module ActiveX control (DanskeSikker.ocx) 3.1.0.48, and possibly earlier versions, allow remote attackers to execute arbitrary code via long arguments to unspecified methods, which are... Read more

    Affected Products : danskesikker.ocx
    • EPSS Score: %6.22
    • Published: Apr. 17, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 291804 Results