Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2019-10842

    Arbitrary code execution (via backdoor code) was discovered in bootstrap-sass 3.2.0.3, when downloaded from rubygems.org. An unauthenticated attacker can craft the ___cfduid cookie value with base64 arbitrary code to be executed via eval(), which can be l... Read more

    Affected Products : bootstrap-sass
    • Published: Apr. 04, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-8224

    Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET.... Read more

    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2009-1240

    Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibl... Read more

    • Published: Apr. 03, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2019-11210

    The server component of TIBCO Software Inc.'s TIBCO Enterprise Runtime for R - Server Edition, and TIBCO Spotfire Analytics Platform for AWS Marketplace contains a vulnerability that theoretically allows an unauthenticated user to bypass access controls a... Read more

    • Published: Sep. 18, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-9811

    The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the pr... Read more

    Affected Products : anti-virus_for_linux_server
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-2506

    DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate a certain offset value, which allows remote attackers to execute arbitrary code or cause a d... Read more

    Affected Products : android
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-2419

    media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection... Read more

    Affected Products : android
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6608

    mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 19779574, 23680780, 23876444, and 23658... Read more

    Affected Products : android
    • Published: Nov. 03, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-17877

    An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet (with stateless address autoconfiguration) by default, which makes it easi... Read more

    Affected Products : steam_link_firmware steam_link
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2018-1000838

    autopsy version <= 4.9.0 contains a XML External Entity (XXE) vulnerability in CaseMetadata XML Parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Specially crafted C... Read more

    Affected Products : autopsy
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-14127

    Possible buffer overflow while playing mkv clip due to lack of validation of atom size buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in ... Read more

    • Published: Apr. 16, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-0672

    Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before 1.0.06 has unknown impact and attack vectors.... Read more

    Affected Products : psc_1210_all-in-one
    • Published: Feb. 13, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0751

    Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in in Network Object Oriented File System (NOOFS) before 0.9.0 have unspecified impact and attack vectors.... Read more

    • Published: Feb. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-19081

    An issue was discovered on Foscam Opticam i5 devices with System Firmware 1.5.2.11 and Application Firmware 2.21.1.128. The ONVIF devicemgmt SetDNS method allows remote attackers to execute arbitrary OS commands via the IPv4Address field.... Read more

    • Published: Nov. 07, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-4489

    Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme_chosen parameter. NOTE: the provenance of this information is unknow... Read more

    Affected Products : atarone
    • Published: Oct. 08, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-3353

    Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.... Read more

    Affected Products : drupal node2node
    • Published: Sep. 24, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2018-12464

    A SQL injection vulnerability in the web administration and quarantine components of Micro Focus Secure Messaging Gateway allows an unauthenticated remote attacker to execute arbitrary SQL statements against the database. This can be exploited to create a... Read more

    Affected Products : secure_messaging_gateway
    • Published: Jun. 29, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-13886

    Unchecked OTA field in GNSS XTRA3 lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile... Read more

    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-13547

    Advantech WISE-PaaS/RMM, Versions 3.3.29 and prior. There is an unsecured function that allows anyone who can access the IP address to use the function without authentication.... Read more

    Affected Products : wise-paas\/rmm
    • Published: Oct. 31, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-18314

    In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, ... Read more

    • Published: Sep. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 293304 Results