Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2020-15271

    In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in "terminal" and "file_loader" extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on t... Read more

    Affected Products : lookatme
    • EPSS Score: %0.36
    • Published: Oct. 26, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-1439

    PHP remote file inclusion vulnerability in ressourcen/dbopen.php in bitesser MySQL Commander 2.7 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the home parameter.... Read more

    Affected Products : mysql_commander
    • EPSS Score: %7.98
    • Published: Mar. 13, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2021-40157

    A user may be tricked into opening a malicious FBX file which may exploit an Untrusted Pointer Dereference vulnerability in FBX’s Review version 1.5.0 and prior causing it to run arbitrary code on the system.... Read more

    Affected Products : fbx_review
    • EPSS Score: %0.14
    • Published: Sep. 15, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-3397

    Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, 9.10.x, 10.0.0 Build 2732, and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ts... Read more

    Affected Products : desktop
    • EPSS Score: %2.28
    • Published: Sep. 15, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2014-9799

    The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler o... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2476

    mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or S... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Jun. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2007-1628

    Multiple PHP remote file inclusion vulnerabilities in Study planner (Studiewijzer) 0.15 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the SPL_CFG[dirroot] parameter to (1) service.alert.in... Read more

    Affected Products : studiewijzer
    • EPSS Score: %9.04
    • Published: Mar. 23, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-16364

    A serialization vulnerability in Zoho ManageEngine Applications Manager before build 13740 allows for remote code execution on Windows via a payload on an SMB share.... Read more

    • EPSS Score: %2.36
    • Published: Sep. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-7283

    The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.... Read more

    Affected Products : nbg-418n_firmware nbg-418n
    • EPSS Score: %1.58
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2017-14591

    Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.... Read more

    Affected Products : crucible fisheye
    • EPSS Score: %0.65
    • Published: Nov. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2020-4468

    IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability t... Read more

    Affected Products : windows i2_analysts_notebook
    • EPSS Score: %1.32
    • Published: May. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-1107

    Multiple stack-based buffer overflows in the Danske Bank e-Sec Control Module ActiveX control (DanskeSikker.ocx) 3.1.0.48, and possibly earlier versions, allow remote attackers to execute arbitrary code via long arguments to unspecified methods, which are... Read more

    Affected Products : danskesikker.ocx
    • EPSS Score: %6.22
    • Published: Apr. 17, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-2019

    Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.... Read more

    Affected Products : boinc boinc boinc_client
    • EPSS Score: %1.61
    • Published: Jun. 02, 2014
    • Modified: Jul. 08, 2025

  • 9.3

    HIGH
    CVE-2007-2283

    Buffer overflow in Fresh View 7.15 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file.... Read more

    Affected Products : freshview
    • EPSS Score: %8.84
    • Published: Apr. 26, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2015-8088

    Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones with software MT7-UL00 before MT7-UL00C17B354, MT7-TL10 before MT7-TL10C00B354, MT7-TL00 before MT7-TL00C01B354, and MT7-CL00 before MT7-CL00C92B354 and P8 phones with software GRA-TL00... Read more

    Affected Products : mate_7_firmware p8_firmware p8 mate_7
    • EPSS Score: %0.80
    • Published: Jan. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2018-0692

    Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : spark_browser
    • EPSS Score: %0.17
    • Published: Nov. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-1490

    Buffer overflow in a certain Aurigma ActiveX control in ImageUploader4.ocx 4.1.36.0, as used with Piczo (aka Pizco) and possibly other online services, allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long Ac... Read more

    • EPSS Score: %4.16
    • Published: Mar. 25, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2017-18614

    The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.... Read more

    Affected Products : kama_click_counter
    • EPSS Score: %0.75
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-2601

    Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value.... Read more

    Affected Products : gdivx_zenith_player
    • EPSS Score: %4.69
    • Published: May. 11, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-5709

    Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 allows remote attackers to execute arbitrary code via a long file name in an M3U file.... Read more

    Affected Products : sonicstage_connect_player
    • EPSS Score: %10.73
    • Published: Oct. 30, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 292110 Results