Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2009-1743

    Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to create and overwrite arbitrary files via a filename containing a ..\ (dot dot backsl... Read more

    • EPSS Score: %4.94
    • Published: May. 21, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2015-8307

    The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with... Read more

    Affected Products : mate_s_firmware p8_firmware p8 mate_s
    • EPSS Score: %0.05
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-9002

    In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2008-3033

    RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php... Read more

    Affected Products : rss_aggregator
    • EPSS Score: %1.86
    • Published: Jul. 07, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2015-3831

    Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 194... Read more

    Affected Products : android
    • EPSS Score: %0.46
    • Published: Oct. 01, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-10338

    In all Android releases from CAF using the Linux kernel, there was an issue related to RPMB processing.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-10681

    roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping o... Read more

    Affected Products : roslibjs
    • EPSS Score: %0.77
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-4396

    Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attack... Read more

    Affected Products : irssi
    • EPSS Score: %1.65
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2004-1441

    Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter.... Read more

    Affected Products : board_power
    • EPSS Score: %3.30
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2008-3879

    The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open me... Read more

    Affected Products : ultra_office_control
    • EPSS Score: %7.99
    • Published: Sep. 02, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-3956

    orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.... Read more

    Affected Products : organization_chart
    • EPSS Score: %33.60
    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-3971

    Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported ... Read more

    Affected Products : gmanedit
    • EPSS Score: %4.25
    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2015-5014

    IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation.... Read more

    Affected Products : cognos_disclosure_management
    • EPSS Score: %0.47
    • Published: Oct. 26, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2017-14743

    Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL injection via the Username element in an XML document to /onvif/device_service, as demonstrated by reading the admin password.... Read more

    Affected Products : fsc-880_firmware fsc-880
    • EPSS Score: %0.45
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2009-2362

    Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows remote attackers to execute arbitrary code via a long string in a (1) .lst or (2) .m3u playlist file.... Read more

    Affected Products : audioplus
    • EPSS Score: %24.34
    • Published: Jul. 08, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2014-9962

    In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2014-9964

    In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2009-2617

    Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file.... Read more

    Affected Products : storm
    • EPSS Score: %6.69
    • Published: Jul. 27, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-3176

    Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professi... Read more

    Affected Products : iprint
    • EPSS Score: %5.40
    • Published: Sep. 11, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2017-6223

    Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ZD9.10.x, ZD9.13.0.x less than 9.13.0.0.232 contain OS Command Injection vulnerabilities in the ping functionality that could allow local authenticated users to execute arbitrary privileg... Read more

    • EPSS Score: %1.24
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291812 Results