Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2009-1071

    Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file.... Read more

    Affected Products : icarus
    • Published: Mar. 26, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-5277

    Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that trigger... Read more

    • Published: Jul. 15, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2015-8681

    The ovisp driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with so... Read more

    Affected Products : mate_s_firmware p8_firmware p8 mate_s
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2013-2645

    Multiple cross-site request forgery (CSRF) vulnerabilities on the TP-LINK WR1043N router with firmware TL-WR1043ND_V1_120405 allow remote attackers to hijack the authentication of administrators for requests that (1) enable FTP access (aka "FTP directory ... Read more

    Affected Products : tl-wr1043nd_firmware firmware
    • Published: Oct. 06, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2012-1197

    Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build 137 allows remote attackers to execute arbitrary code via crafted "image dimension values" in a BMP file, which triggers a heap-based buffer overflow.... Read more

    Affected Products : acdsee
    • Published: Feb. 18, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-4556

    Stack-based buffer overflow in the SapThemeRepository ActiveX control (sapwdpcd.dll) in SAP NetWeaver Business Client allows remote attackers to execute arbitrary code via the (1) Load and (2) LoadTheme methods.... Read more

    Affected Products : netweaver_business_client
    • Published: Dec. 17, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2021-41162

    Combodo iTop is a web based IT Service Management tool. In 3.0.0 beta releases prior to beta6 the `ajax.render.php?operation=wizard_helper` page did not properly escape the user supplied parameters, allowing for a cross site scripting attack vector. Users... Read more

    Affected Products : itop
    • Published: Apr. 21, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-2827

    Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX Control (ltisi14E.ocx) 14.5.0.44 and earlier allows remote attackers to execute arbitrary code via a long DriverName property.... Read more

    Affected Products : leadtools_isis_activex_control
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2012-0187

    Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 FP5+Security Pack allows local users to gain privileges via a Trojan horse DLL in the current working directory.... Read more

    Affected Products : lotus_expeditor
    • Published: Jun. 22, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2018-1778

    IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they ... Read more

    Affected Products : api_connect
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-1251

    Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in ... Read more

    Affected Products : netrek_vanilla_server
    • Published: Mar. 03, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2017-2964

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation... Read more

    • Published: Jan. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    CRITICAL
    CVE-2025-1950

    IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.... Read more

    • Published: Apr. 22, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2014-125116

    A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the applicatio... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    HIGH
    CVE-2022-24492

    Remote Procedure Call Runtime Remote Code Execution Vulnerability... Read more

    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-7189

    The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability."... Read more

    Affected Products : edge
    • Published: Oct. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1755

    The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerabili... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2011-4186

    Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705.... Read more

    Affected Products : windows iprint
    • Published: Feb. 21, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-2945

    Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream.... Read more

    Affected Products : realplayer realplayer_sp
    • Published: Aug. 18, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-4377

    Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code by specifying many subban... Read more

    • Published: Dec. 14, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 292812 Results