Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2010-2331

    Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 allows remote attackers to execute arbitrary code via a long HEAD request.

    Affected Products : isharer_file_sharing_wizard
    • EPSS Score: 7.44%
    • Published: Jun. 18, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2021-30355

    Amazon Kindle e-reader prior to and including version 5.13.4 improperly manages privileges, allowing the framework user to elevate privileges to root.

    Affected Products : kindle_firmware kindle
    • EPSS Score: 0.23%
    • Published: Sep. 01, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2008-3871

    Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and possibly other versions before 9.3.3.2685, allow user-assisted attackers to execute arbitrary code via format string specifiers in the filename of a (1) DAA or (2) ISZ file.

    Affected Products : ultraiso
    • EPSS Score: 0.90%
    • Published: Apr. 01, 2009
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2018-4012

    An exploitable buffer overflow vulnerability exists in the HTTP header-parsing function of the Webroot BrightCloud SDK. The function bc_http_read_header incorrectly handles overlong headers, leading to arbitrary code execution. An unauthenticated attacker...

    Affected Products : brightcloud
    • EPSS Score: 3.51%
    • Published: Jan. 03, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2019-20606

    An issue was discovered on Samsung mobile devices with any (before May 2019) software. A phishing attack against OMACP can change the network and internet settings. The Samsung ID is SVE-2019-14073 (May 2019).

    Affected Products : android
    • EPSS Score: 0.10%
    • Published: Mar. 24, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2017-0412

    An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to ele...

    Affected Products : android
    • EPSS Score: 1.06%
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2016-10576

    Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attac...

    Affected Products : fuseki
    • EPSS Score: 0.77%
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2016-10584

    dalek-browser-chrome-canary provides Google Chrome bindings for DalekJS. dalek-browser-chrome-canary downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out ...

    Affected Products : dalekjs
    • EPSS Score: 0.55%
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2014-0781

    Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via crafted UDP packets.

    • EPSS Score: 5.25%
    • Published: Mar. 14, 2014
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2019-2107

    In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Pro...

    Affected Products : android
    • EPSS Score: 44.30%
    • Published: Jul. 08, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2019-2176

    In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Android 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User ...

    Affected Products : android
    • EPSS Score: 0.18%
    • Published: Sep. 05, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-37569

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle IEEE 1905 protocols. (Affected Chipsets MT7603E, MT7613, MT7615, MT7622, MT7628, MT7629, MT7915; Affected Software Versions 2.0.2; Out-of-bounds write).

    • EPSS Score: 0.55%
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-37561

    MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle the WPS (Wi-Fi Protected Setup) protocol. (Affected Chipsets MT7603E, MT7610, MT7612, MT7613, MT7615, MT7620, MT7622, MT7628, MT7629, MT7915; Affected Software...

    • EPSS Score: 0.55%
    • Published: Dec. 26, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2022-24058

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a maliciou...

    Affected Products : dicom_viewer_pro
    • EPSS Score: 0.67%
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-32498

    SICK SOPAS ET before version 4.8.0 allows attackers to manipulate the pathname of the emulator and use path traversal to run an arbitrary executable located on the host system. When the user starts the emulator from SOPAS ET the corresponding executable w...

    Affected Products : sopas_engineering_tool
    • EPSS Score: 0.13%
    • Published: Dec. 17, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2010-3914

    Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ...

    Affected Products : gvim
    • EPSS Score: 3.54%
    • Published: Nov. 03, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2010-4025

    Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document.

    Affected Products : palm_webos
    • EPSS Score: 6.68%
    • Published: Oct. 28, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    CRITICAL
    CVE-2021-41161

    Combodo iTop is a web-based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page doesn't properly escape the user-supplied parameters, allowing for JavaScript injection into rendered CSV files. Users are advised to upgrade. There...

    Affected Products : itop
    • EPSS Score: 0.30%
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2018-5841

    dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using th...

    Affected Products : android
    • EPSS Score: 0.04%
    • Published: Jun. 06, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2021-22712

    A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Interactive Graphical SCADA System (IGSS) Definition (Def.exe) V15.0.0.21041 and prior, which could result in arbitrary read or write conditions when...

    • EPSS Score: 0.13%
    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292124 Results