Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2020-3668

    u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consume...

    • Published: Sep. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-3669

    u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial ...

    • Published: Sep. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-2405

    Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462....

    Affected Products : ubuntu_linux debian_linux openjdk
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-3586

    A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insufficient validation of user-supplied i...

    Affected Products : dna_spaces\
    • Published: Nov. 18, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-1182

    The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arb...

    Affected Products : samba
    • Published: Apr. 10, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2014-6617

    Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session....

    • Published: Mar. 09, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-3762

    Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to arbitrary file system wri...

    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-1378

    Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and before 11.1.115.54 on Android 4.x; Adobe AIR before 3.7.0....

    • Published: Apr. 10, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2014-6436

    Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary commands with administrator privileges by leveraging an exi...

    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-6434

    gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via the (1) a1 or (2) a2 parameter in a restart action....

    Affected Products : gopro_hero_firmware gopro_hero
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2012-0131

    Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors....

    • Published: Apr. 05, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-3641

    Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag...

    • Published: Jun. 02, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-6287

    The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aka HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to execute arbitrary programs via a %00 sequence in a search action....

    Affected Products : http_file_server
    • Actively Exploited
    • Published: Oct. 07, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2005-2715

    Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code...

    • Published: Oct. 12, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2012-0275

    Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted TIFF image with SGI24LogLum compression....

    • Published: Sep. 04, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2014-6321

    Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via...

    • Published: Nov. 11, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-6940

    Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service...

    • Published: Oct. 13, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-6120

    IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation serv...

    • Published: Apr. 12, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-6967

    In Rockwell Automation all versions of FactoryTalk Diagnostics software, a subsystem of the FactoryTalk Services Platform, FactoryTalk Diagnostics exposes a .NET Remoting endpoint via RNADiagnosticsSrv.exe at tcp/8082, which can insecurely deserialize ...

    Affected Products : factorytalk_services_platform
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-30234

    A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)...

    • Published: Jun. 02, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 292795 Results