Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2012-2915

    Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag in a PAC Design (.pac) file....

    Affected Products : pac-designer
    • EPSS Score: 66.07%
    • Published: May. 21, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    CRITICAL
    CVE-2022-31587

    The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely....

    Affected Products : kg-fashion-chatbot
    • EPSS Score: 0.41%
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2020-9620

    Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution....

    • EPSS Score: 3.44%
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2021-35090

    Possible hypervisor memory corruption due to TOCTOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile...

    • EPSS Score: 0.18%
    • Published: Jun. 14, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31523

    The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely....

    Affected Products : anakin
    • EPSS Score: 0.41%
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2022-31538

    The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely....

    Affected Products : mp-m08-interface
    • EPSS Score: 0.41%
    • Published: Jul. 11, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2007-4943

    Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-48...

    Affected Products : storm
    • EPSS Score: 10.82%
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2010-0598

    Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not encrypt HTTP sessions from operator ...

    • EPSS Score: 0.75%
    • Published: May. 27, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2008-1250

    Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containi...

    Affected Products : 320_sip_phone
    • EPSS Score: 0.31%
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    CRITICAL
    CVE-2024-7785

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS). This issue affects Electronic Ticket System: before 2024.08...

    Affected Products :
    • Published: Sep. 19, 2024
    • Modified: Sep. 20, 2024
  • 9.3

    HIGH
    CVE-2020-4288

    IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnera...

    Affected Products : windows i2_analysts_notebook
    • EPSS Score: 1.32%
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2013-2782

    Schneider Electric Trio J-Series License Free Ethernet Radio with firmware 3.6.0 through 3.6.3 uses the same AES encryption key across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechan...

    Affected Products : tburjr900 tburjr900_firmware
    • EPSS Score: 0.25%
    • Published: Aug. 28, 2013
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2018-9570

    In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation...

    Affected Products : android
    • EPSS Score: 0.18%
    • Published: Dec. 07, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2018-9576

    In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed...

    Affected Products : android
    • EPSS Score: 0.18%
    • Published: Dec. 07, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2015-2846

    BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link....

    Affected Products : sync
    • EPSS Score: 1.65%
    • Published: Apr. 13, 2015
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2012-4354

    TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allows remote attackers to execute arbitrary code via a port-46824 TCP packet with a crafted positive integer after the opcode, triggering incorrect fu...

    Affected Products : winlog_lite winlog_pro
    • EPSS Score: 30.76%
    • Published: Aug. 19, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2012-4359

    Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA before 2.07.18 do not validate the return value of the realloc function, which allows remote attackers to cause a denial of service (invalid 0x00 write operation and daemon crash) or pos...

    Affected Products : winlog_lite winlog_pro
    • EPSS Score: 1.68%
    • Published: Aug. 19, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2010-0995

    Stack-based buffer overflow in Internet Download Manager (IDM) before 5.19 allows remote attackers to execute arbitrary code via a crafted FTP URI that causes unspecified "test sequences" to be sent from client to server....

    Affected Products : internet_download_manager
    • EPSS Score: 5.54%
    • Published: May. 06, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2021-37584

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software...

    • EPSS Score: 0.55%
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2007-5450

    Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file....

    Affected Products : iphone_os safari ipod_touch
    • EPSS Score: 1.81%
    • Published: Oct. 14, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 292058 Results