Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2024-11789

    Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interacti... Read more

    Affected Products : monitouch_v-sft
    • Published: Nov. 28, 2024
    • Modified: Dec. 03, 2024

  • 7.8

    HIGH
    CVE-2024-11787

    Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interacti... Read more

    Affected Products : monitouch_v-sft
    • Published: Nov. 28, 2024
    • Modified: Dec. 03, 2024

  • 7.8

    HIGH
    CVE-2018-9374

    In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 28, 2024
    • Modified: Dec. 18, 2024

  • 6.5

    MEDIUM
    CVE-2018-9354

    In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit, there is a possible remote denial of service due to divide by 0. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploi... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 6.5

    MEDIUM
    CVE-2018-9353

    In ihevcd_parse_slice_data of ihevcd_parse_slice.c there is a possible heap buffer out of bound read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for ... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 6.5

    MEDIUM
    CVE-2018-9352

    In ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a possible resource exhaustion due to integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 6.5

    MEDIUM
    CVE-2018-9351

    In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possible out of bound read due to missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitatio... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 8.6

    HIGH
    CVE-2024-53860

    sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emai... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 6.5

    MEDIUM
    CVE-2024-53859

    go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a ... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 6.5

    MEDIUM
    CVE-2024-53858

    The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside of GitHub.com and ghe.com. This vu... Read more

    Affected Products : cli
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 6.8

    MEDIUM
    CVE-2024-53260

    Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name... Read more

    Affected Products : autolab
    • Published: Nov. 27, 2024
    • Modified: Apr. 21, 2025

  • 6.5

    MEDIUM
    CVE-2018-9350

    In ih264d_assign_pic_num of ih264d_utils.c there is a possible out of bound read due to missing bounds check. This could lead to a denial of service with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 6.5

    MEDIUM
    CVE-2018-9349

    In mv_err_cost of mcomp.c there is a possible out of bounds read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 8.4

    HIGH
    CVE-2017-13323

    In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 6.2

    MEDIUM
    CVE-2017-13321

    In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution priv... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 6.5

    MEDIUM
    CVE-2017-13320

    In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 7.5

    HIGH
    CVE-2017-13319

    In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. Use... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 8.4

    HIGH
    CVE-2017-13316

    In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e... Read more

    Affected Products : android
    • Published: Nov. 27, 2024
    • Modified: Dec. 18, 2024

  • 1.9

    LOW
    CVE-2024-53855

    Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket, can ... Read more

    Affected Products : centurion_erp
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024

  • 5.1

    MEDIUM
    CVE-2024-53264

    bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loadi... Read more

    Affected Products :
    • Published: Nov. 27, 2024
    • Modified: Nov. 27, 2024
Showing 20 of 291401 Results