Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2011-4875

    Stack-based buffer overflow in HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA portal); the TP, OP, MP, Comfort Panels, and Mobile Panels SIMATIC HMI panels; WinCC V11 Runtime Advanced; and WinCC flex... Read more

    • Published: Feb. 03, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2007-6468

    Buffer overflow in the HuffDecode function in hw_utils/hwrcon/huffman.c and hexenworld/Client/huffman.c in Hammer of Thyrion 1.4.2 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted huffman encoded packet. NOTE: ... Read more

    Affected Products : hammer_of_thyrion
    • Published: Dec. 20, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-3934

    Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as used in Kingsoft Office 2013 before 9.1.0.4256, allows remote attackers to execute arbitrary code via a long font name in a WPS file.... Read more

    Affected Products : office_2012 writer_2012
    • Published: Sep. 10, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-5193

    Stack-based buffer overflow in the TIFMergeMultiFiles function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0 and Gold 6.0 allows remote attackers to execute arbitrary code via a long strDelimit paramet... Read more

    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-2511

    Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the... Read more

    • Published: Jun. 02, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2016-8768

    Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.... Read more

    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2013-0856

    The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec (ALAC) data, related to a large nb_samples value.... Read more

    Affected Products : ffmpeg
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0928

    The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.... Read more

    Affected Products : alphastor
    • Published: Jan. 21, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2007-0352

    Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.... Read more

    Affected Products : html_help_workshop
    • Published: Jan. 19, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2003-1388

    Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to crash Opera via a long HTTP request ending in a .ZIP extension.... Read more

    Affected Products : opera_browser
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 9.3

    CRITICAL
    CVE-2024-37252

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Icegram Email Subscribers & Newsletters allows SQL Injection.This issue affects Email Subscribers & Newsletters: from n/a through 5.7.25.... Read more

    Affected Products : email_subscribers_\&_newsletters
    • Published: Jun. 26, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-3092

    Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged f... Read more

    Affected Products : internet_explorer
    • Published: Jun. 06, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4926

    The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.... Read more

    Affected Products : 207w_camera
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4939

    Heap-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allows remote attackers to cause a denial of service (app... Read more

    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-6060

    AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute ar... Read more

    Affected Products : v3_internet_security
    • Published: Nov. 20, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-4664

    Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player before 2.1.5 build 0053 allows remote attackers to execute arbitrary code via a long URL property. NOTE: some of these details are obtained from third par... Read more

    Affected Products : qvod_player
    • Published: Oct. 22, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-6089

    PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.... Read more

    Affected Products : mebiblio
    • Published: Nov. 22, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-6706

    Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP.... Read more

    Affected Products : lotus_notes notes
    • Published: Mar. 09, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2011-4037

    Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog Lite before 2.07.09 allows user-assisted remote attackers to execute arbitrary code via invalid data in unspecified fields of a project file.... Read more

    Affected Products : winlog_lite winlog_pro
    • Published: Dec. 22, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-5088

    The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 and BizViz 9.21 configures the trusted zone on the basis of user input, which allows remote attackers to execute arbitrary code via a crafted web site, related to a "Workbench32/WebHMI c... Read more

    Affected Products : genesis32 bizviz
    • Published: Apr. 18, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293350 Results