Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2018-10192

    IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a thi... Read more

    Affected Products : ipvanish
    • EPSS Score: %0.73
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-10039

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without first calling qsee_app_entry() will cause the stack to be restored to an older state resulting ... Read more

    • EPSS Score: %0.22
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-10045

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/S... Read more

    • EPSS Score: %0.28
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-10046

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, use after free vulnerability when the PDN throttl... Read more

    • EPSS Score: %0.26
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-10051

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SDX20, after loading a dy... Read more

    • EPSS Score: %0.22
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-10053

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 617, S... Read more

    • EPSS Score: %0.18
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-21574

    The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pi... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 10.0

    CRITICAL
    CVE-2024-21577

    ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 10.0

    HIGH
    CVE-2020-27868

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qognify Ocularis 5.9.0.395. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of serialized objects ... Read more

    Affected Products : ocularis
    • EPSS Score: %43.77
    • Published: Feb. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-54261

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM allows SQL Injection.This issue affects TAX SERVICE Electronic HDM: from n/a through 1.1.2.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 10.0

    HIGH
    CVE-2020-11163

    Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Ind... Read more

    • EPSS Score: %0.36
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11170

    Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdrago... Read more

    • EPSS Score: %0.33
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11272

    Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consu... Read more

    • EPSS Score: %0.39
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-47039

    In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local  information disclosure with no additional execution privileges needed. User  interaction is not needed for exploi... Read more

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025

  • 10.0

    CRITICAL
    CVE-2024-47040

    There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Dec. 18, 2024
    • Modified: Jul. 24, 2025

  • 10.0

    HIGH
    CVE-2021-20658

    SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows an attacker to execute arbitrary OS commands with the web server privilege via unspecified vectors.... Read more

    Affected Products : sv-cpt-mc310_firmware sv-cpt-mc310
    • EPSS Score: %2.14
    • Published: Feb. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-11684

    Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed version... Read more

    • EPSS Score: %0.20
    • Published: Feb. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-27198

    An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cr... Read more

    Affected Products : myconnection_server
    • EPSS Score: %12.32
    • Published: Feb. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2021-21321

    fastify-reply-from is an npm package which is a fastify plugin to forward the current http request to another server. In fastify-reply-from before version 4.0.2, by crafting a specific URL, it is possible to escape the prefix of the proxied backend servic... Read more

    Affected Products : reply-from fastify-reply-from
    • EPSS Score: %0.45
    • Published: Mar. 02, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8298

    fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs via the `copy`, `copySync`, `remove`, and `removeSync` methods.... Read more

    Affected Products : fs-path
    • EPSS Score: %4.17
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291562 Results