Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2003-0693

    A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-200... Read more

    Affected Products : openssh
    • Published: Sep. 22, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2017-12557

    A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.... Read more

    Affected Products : intelligent_management_center
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-12240

    The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also ... Read more

    • Actively Exploited
    • Published: Sep. 29, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2003-0599

    Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root.... Read more

    Affected Products : phpgroupware
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0575

    Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list.... Read more

    Affected Products : irix
    • Published: Aug. 27, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2017-10151

    Vulnerability in the Oracle Identity Manager component of Oracle Fusion Middleware (subcomponent: Default Account). Supported versions that are affected are 11.1.1.7, 11.1.2.3 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker ... Read more

    Affected Products : identity_manager
    • Published: Oct. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-1000215

    ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection resulting in remote code execution... Read more

    Affected Products : xrootd
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2018-21072

    An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos chipsets) software. A kernel driver allows out-of-bounds Read/Write operations and possibly arbitrary code execution. The Samsung ID is SVE-2018-11358 (May 2018).... Read more

    Affected Products : android
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-21055

    An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018)... Read more

    Affected Products : android msm8996
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-21066

    An issue was discovered on Samsung mobile devices with M(6.0) (Exynos or MediaTek chipsets) software. There is a buffer overflow in a Trustlet that can cause memory corruption. The Samsung ID is SVE-2018-11599 (July 2018).... Read more

    Affected Products : android
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-21049

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018)... Read more

    Affected Products : android
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-20961

    In the Linux kernel before 4.16.4, a double free vulnerability in the f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the f_midi driver may allow attackers to cause a denial of service or possibly have unspecified other impact.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 07, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-7456

    VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH private key with a publicly known password, which makes it easier for remote attackers to obtain login access via an SSH session.... Read more

    Affected Products : vsphere_data_protection
    • Published: Dec. 29, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-20841

    HooToo TripMate Titan HT-TM05 and HT-05 routers with firmware 2.000.022 and 2.000.082 allow remote command execution via shell metacharacters in the mac parameter of a protocol.csp?function=set&fname=security&opt=mac_table request.... Read more

    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2003-0453

    traceroute-nanog 6.1.1 allows local users to overwrite unauthorized memory and possibly execute arbitrary code via certain "nprobes" and "max_ttl" arguments that cause an integer overflow that is used when allocating memory, which leads to a buffer overfl... Read more

    Affected Products : traceroute-nanog
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0431

    The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not properly handle a zero-length buffer size, with unknown consequences.... Read more

    Affected Products : linux ethereal
    • Published: Jul. 24, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2016-4256

    Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4257, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-42... Read more

    Affected Products : digital_editions
    • Published: Sep. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2024-5171

    Integer overflow in libaom internal function img_alloc_helper can lead to heap buffer overflow. This function can be reached via 3 callers: * Calling aom_img_alloc() with a large value of the d_w, d_h, or align parameter may result in integer overflo... Read more

    Affected Products : libaom
    • Published: Jun. 05, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-3642

    The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.... Read more

    Affected Products : virtualization_manager
    • Published: Jun. 17, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-3613

    Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to OpenSSL.... Read more

    Affected Products : secure_global_desktop
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293352 Results