Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2008-0647

    Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29 (aka Lianzong Game Platform) allow remote attackers to execute arbitrary code via long arguments to the... Read more

    • EPSS Score: %7.15
    • Published: Feb. 07, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2016-6536

    The /setup URI on AVer Information EH6108H+ devices with firmware X9.03.24.00.07l allows remote attackers to bypass intended page-access restrictions or modify passwords by leveraging knowledge of a handle parameter value.... Read more

    Affected Products : eh6108h\+_firmware eh6108h\+
    • EPSS Score: %0.80
    • Published: Sep. 19, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-6598

    BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET remoting file storage service (FileStorageService) on port 9010. This service contains a method that allows uploading a file to an arbitrary path on the machine that is running Track-It!. ... Read more

    Affected Products : track-it\!
    • EPSS Score: %36.87
    • Published: Jan. 30, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-7112

    A vulnerability has been identified in Firmware variant PROFINET IO for EN100 Ethernet module : All versions < V1.04.01; Firmware variant Modbus TCP for EN100 Ethernet module : All versions < V1.11.00; Firmware variant DNP3 TCP for EN100 Ethernet module :... Read more

    • EPSS Score: %0.52
    • Published: Sep. 06, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2008-0735

    SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.... Read more

    Affected Products : auracms
    • EPSS Score: %0.35
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2004-0636

    Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.... Read more

    Affected Products : instant_messenger
    • EPSS Score: %78.52
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2015-1845

    Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : unzoo
    • EPSS Score: %10.96
    • Published: May. 19, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-8364

    An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object memory can read a network packet that is larger than the space that is available, a Heap-based Buffer Overflow.... Read more

    Affected Products : s7-softplc
    • EPSS Score: %0.65
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-8440

    Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747.... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.53
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-2767

    Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to "Autocomplete Enabled."... Read more

    Affected Products : triton_ap_email
    • EPSS Score: %0.38
    • Published: Mar. 27, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2008-3116

    Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message.... Read more

    Affected Products : 5th_street high_street_5 hot_step
    • EPSS Score: %5.10
    • Published: Jul. 10, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2015-3823

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.... Read more

    Affected Products : android
    • EPSS Score: %1.04
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3869

    libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083.... Read more

    Affected Products : android
    • EPSS Score: %1.04
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-9682

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component respons... Read more

    • EPSS Score: %21.42
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-1000235

    I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php resulting the web server being fully compromised.... Read more

    Affected Products : i_librarian
    • EPSS Score: %11.63
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-9387

    SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.... Read more

    Affected Products : businessobjects
    • EPSS Score: %5.79
    • Published: Dec. 17, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-5995

    Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.... Read more

    • EPSS Score: %35.70
    • Published: Dec. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2008-3338

    Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker ... Read more

    • EPSS Score: %5.38
    • Published: Aug. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-9956

    An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611.... Read more

    Affected Products : android
    • EPSS Score: %0.58
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-1262

    The administration panel on the Airspan WiMax ProST 4.1 antenna with 6.5.38.0 software does not verify authentication credentials, which allows remote attackers to (1) upload malformed firmware or (2) bind the antenna to a different WiMAX base station via... Read more

    Affected Products : wimax_prost
    • EPSS Score: %19.59
    • Published: Mar. 10, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 291024 Results