Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2018-9318

    The Telematics Control Unit (aka Telematic Communication Box or TCB), when present on BMW vehicles produced in 2012 through 2018, allows a remote attack via a cellular network.... Read more

    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-9355

    In bta_dm_sdp_result of bta_dm_act.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. P... Read more

    Affected Products : android
    • Published: Nov. 06, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-8455

    Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to ... Read more

    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2022-0543

    It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.... Read more

    Affected Products : ubuntu_linux debian_linux redis
    • Actively Exploited
    • Published: Feb. 18, 2022
    • Modified: Apr. 02, 2025

  • 10.0

    HIGH
    CVE-2015-8433

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler befor... Read more

    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-8405

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler befor... Read more

    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-8047

    Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to ... Read more

    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-8045

    Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to ... Read more

    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-9139

    On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165.... Read more

    Affected Products : samsung_mobile
    • Published: Mar. 30, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-7647

    Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-7648.... Read more

    • Published: Oct. 18, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7642

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.... Read more

    • Published: Oct. 18, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7634

    Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute a... Read more

    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7630

    Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allow attackers to execute a... Read more

    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7622

    Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary ... Read more

    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7221

    Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a deque size change.... Read more

    Affected Products : firefox fedora leap opensuse
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-7203

    Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted fo... Read more

    Affected Products : firefox fedora leap opensuse
    • Published: Dec. 16, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-9245

    The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection vulnerability in the User ID and password fields that allows users to bypass the login page and execute remote code on the operating system.... Read more

    Affected Products : ipecs_nms
    • Published: Apr. 22, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-4465

    Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer er... Read more

    Affected Products : terminal_server
    • Published: Aug. 31, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2021-42392

    The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. An attacker may pass a JNDI driver name and a URL leading to a LDAP or RMI servers, causing remote code execution. ... Read more

    • Published: Jan. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-5580

    Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute a... Read more

    • Published: Sep. 22, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293186 Results