Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2008-4283

    CRLF injection vulnerability in the WebContainer component in IBM WebSphere Application Server (WAS) 5.1.1.19 and earlier 5.1.x versions allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified v... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %0.50
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-11600

    An issue was discovered on Samsung mobile devices with Q(10.0) software. There is arbitrary code execution in the Fingerprint Trustlet via a memory overwrite. The Samsung IDs are SVE-2019-16587, SVE-2019-16588, SVE-2019-16589 (April 2020).... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11552

    An elevation of privilege vulnerability exists in ManageEngine ADSelfService Plus before build 6003 because it does not properly enforce user privileges associated with a Certificate dialog. This vulnerability could allow an unauthenticated attacker to es... Read more

    Affected Products : manageengine_adselfservice_plus
    • EPSS Score: %5.32
    • Published: Aug. 11, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-1887

    Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security Server 8.95.J1 has unknown impact and attack vectors, aka Vuln# JDE01.... Read more

    Affected Products : enterpriseone
    • EPSS Score: %2.30
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-11543

    OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the password 9vt@f3Vt that allows root SSH access to the server. This issue has been resolved in OpsRamp Gateway firmware version 7.0.0 where an administrator and a system user accounts are t... Read more

    Affected Products : gateway
    • EPSS Score: %0.53
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-1881

    Unspecified vulnerability in the Financials for Asia/Pacific component in Oracle E-Business Suite and Applications 11.5.9 has unknown impact and attack vectors. component, aka Vuln# APPS02.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.98
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-1885

    Multiple unspecified vulnerabilities in the Reporting Framework component in Oracle Enterprise Manager 9.0.1.5 and 9.2.0.7 have unknown impact and attack vectors, aka Vuln# (1) EM01 and (2) EM02.... Read more

    Affected Products : enterprise_manager
    • EPSS Score: %2.30
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-1880

    Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, as identified by Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS09 in the (b) Oracle Diagnostics Interf... Read more

    Affected Products : e-business_suite
    • EPSS Score: %2.30
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-1883

    Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite and Applications 11.5.10CU1 has unknown impact and attack vectors, aka Vuln# APPS05.... Read more

    Affected Products : e-business_suite
    • EPSS Score: %0.98
    • Published: Apr. 20, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-1792

    Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a diff... Read more

    • EPSS Score: %0.55
    • Published: Apr. 15, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0796

    Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.... Read more

    Affected Products : solaris sunos
    • EPSS Score: %2.57
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-11196

    u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Sna... Read more

    • EPSS Score: %0.36
    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11193

    u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapd... Read more

    • EPSS Score: %0.40
    • Published: Nov. 12, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11167

    Memory corruption while calculating L2CAP packet length in reassembly logic when remote sends more data than expected in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, S... Read more

    • EPSS Score: %0.33
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11153

    u'Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code execution' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Sna... Read more

    • EPSS Score: %3.83
    • Published: Nov. 02, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11176

    While processing server certificate from IPSec server, certificate validation for subject alternative name API can cause heap overflow which can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer... Read more

    • EPSS Score: %0.22
    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11140

    Out of bound memory access during music playback with ALAC modified content due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, ... Read more

    Affected Products : apq8017 apq8037 apq8052 apq8053 apq8056 apq8062 apq8064au apq8076 apq8084 apq8096au +439 more products
    • EPSS Score: %0.33
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11116

    u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial ... Read more

    • EPSS Score: %0.33
    • Published: Sep. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-4237

    Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies a system when installing per-host configuration settings, which allows context-dependent attackers to have an unspecified impact by leveraging unintended settings, as demonstrated by t... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.52
    • Published: Dec. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-4221

    The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocat... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.89
    • Published: Dec. 17, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 292495 Results