Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2021-32671

    Flarum is a forum software for building communities. Flarum's translation system allowed for string inputs to be converted into HTML DOM nodes when rendered. This change was made after v0.1.0-beta.16 (our last beta before v1.0.0) and was not noticed or do...

    Affected Products : flarum
    • EPSS Score: %3.24
    • Published: Jun. 07, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-0318

    The admin page in the Banckle Chat module for Drupal does not properly restrict access, which allows remote attackers to bypass intended restrictions via unspecified vectors....

    Affected Products : drupal banckle_chat
    • EPSS Score: %1.38
    • Published: Mar. 27, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    • Published: Apr. 05, 2024
    • Modified: Jul. 24, 2025
  • 10.0

    CRITICAL
    CVE-2024-23615

    A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. ...

    Affected Products : symantec_messaging_gateway
    • EPSS Score: %6.30
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-0839

    post_proc/volume_listener.c in mediaserver in Android 6.x before 2016-04-01 mishandles deleted effect context, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal ...

    Affected Products : android
    • EPSS Score: %1.22
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2024-23622

    A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges. ...

    Affected Products : merge_efilm_workstation
    • EPSS Score: %0.95
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2021-0474

    In avrc_msg_cback of avrc_api.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andr...

    Affected Products : android
    • EPSS Score: %3.88
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-3686

    cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera models allows remote attackers to obtain the administrator password via a list action....

    Affected Products : airlive_wl2600cam
    • EPSS Score: %34.79
    • Published: Oct. 11, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2007-6092

    Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries....

    Affected Products : ingate_firewall ingate_siparator
    • EPSS Score: %0.39
    • Published: Nov. 22, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-3667

    Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking Suite versions before 20060706 has unknown impact and remote attack vectors....

    • EPSS Score: %0.48
    • Published: Jul. 18, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2007-1697

    PHP remote file inclusion vulnerability in header.inc.php in Philex 0.2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CssFile parameter....

    Affected Products : philex
    • EPSS Score: %35.19
    • Published: Mar. 27, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-4936

    Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors....

    Affected Products : moodle
    • EPSS Score: %0.38
    • Published: Sep. 23, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2009-3341

    Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure ...

    Affected Products : wrt54gl_firmware wrt54gl
    • EPSS Score: %5.28
    • Published: Sep. 24, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2021-25387

    An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process....

    Affected Products : android dex
    • EPSS Score: %0.19
    • Published: Jun. 11, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-1160

    webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782....

    Affected Products : webspell
    • EPSS Score: %0.98
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-3722

    Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.4 Bundle #16, 8.8 Bundle #10, and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE01....

    • EPSS Score: %3.57
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2014-9993

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, ...

    • EPSS Score: %0.22
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-3712

    SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors....

    • EPSS Score: %0.33
    • Published: Feb. 26, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-11031

    application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has SSRF via the /debug URI, as demonstrated by an api[url]=file:////etc/passwd&api[method]=get POST request....

    Affected Products : phprap
    • EPSS Score: %0.80
    • Published: May. 14, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-7153

    PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter....

    Affected Products : forum
    • EPSS Score: %3.32
    • Published: Mar. 07, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 292100 Results