Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-1999-0018

    Buffer overflow in statd allows root privileges.... Read more

    Affected Products : aix solaris sunos irix
    • Published: Dec. 05, 1997
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2019-2006

    In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User interaction is not needed f... Read more

    Affected Products : android
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-2007

    In getReadIndex and getWriteIndex of FifoControllerBase.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to local escalation of privilege in the audio server with no additional execution privileges needed. User inte... Read more

    Affected Products : android
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-6810

    The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote attackers to execute arbitrary code by using a servlet to... Read more

    Affected Products : connectrix_manager
    • Published: Dec. 12, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-1999-0047

    MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.... Read more

    Affected Products : bsd_os openlinux sendmail
    • Published: Jan. 28, 1997
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0043

    Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.... Read more

    • Published: Dec. 04, 1996
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2023-28849

    GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a SQL injection attack. It can also be used to store malicious code that could be used to perform... Read more

    Affected Products : glpi
    • Published: Apr. 05, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2019-25136

    A compromised child process could have injected XBL Bindings into privileged CSS rules, resulting in arbitrary code execution and a sandbox escape. This vulnerability affects Firefox < 70.... Read more

    Affected Products : firefox
    • Published: Jun. 19, 2023
    • Modified: Dec. 11, 2024

  • 10.0

    HIGH
    CVE-2008-3691

    Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMw... Read more

    Affected Products : player server workstation ace
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-3576

    Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string. NOTE: some of these details are obtained fr... Read more

    Affected Products : openttd
    • Published: Aug. 10, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-3553

    Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition devices allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 3-10." NOTE: as of 20080807... Read more

    Affected Products : series_40 j2me
    • Published: Aug. 08, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-3551

    Multiple unspecified vulnerabilities in Sun Java Platform Micro Edition (aka Java ME, J2ME, or mobile Java), as distributed in Sun Wireless Toolkit 2.5.2, allow remote attackers to execute arbitrary code via unknown vectors. NOTE: as of 20080807, the onl... Read more

    • Published: Aug. 08, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-3552

    Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition FP1, and possibly later devices, allow remote attackers to execute arbitrary code via unknown vectors, probably related to MIDP privilege escalation and persistent MIDlets, aka "ISSUES 11... Read more

    Affected Products : series_40
    • Published: Aug. 08, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-3453

    Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown impact and attack vectors, related to modules/admin.php and "a few files."... Read more

    Affected Products : impresscms
    • Published: Aug. 04, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-3455

    PHP remote file inclusion vulnerability in include/admin.php in JnSHosts PHP Hosting Directory 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the rd parameter.... Read more

    Affected Products : php_hosting_directory
    • Published: Aug. 04, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-3411

    The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which a... Read more

    Affected Products : akw-d800
    • Published: Jul. 31, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2019-20893

    An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyRequest has a buffer overflow vulnerability and can be exploited by using a crafted joinParty packet. This can be utilized to co... Read more

    Affected Products : call_of_duty_modern_warfare_2
    • Published: Jun. 30, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-3376

    Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.... Read more

    Affected Products : jamroom
    • Published: Jul. 30, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-3479

    Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of param... Read more

    Affected Products : office windows_2000
    • Published: Oct. 15, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2006-0874

    Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as addressed by "Urgent secure fixes". NOTE: this might be a duplicate of CVE-2006-0854, but the vendor announcement for this issue (f... Read more

    Affected Products : iuser_ecommerce
    • Published: Feb. 24, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293284 Results