Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2007-0035

    Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word... Read more

    Affected Products : office works
    • EPSS Score: %58.63
    • Published: May. 08, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-0200

    Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.... Read more

    Affected Products : php
    • EPSS Score: %11.29
    • Published: Jan. 13, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2007-0940

    Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka th... Read more

    Affected Products : biztalk_server capicom
    • EPSS Score: %74.94
    • Published: May. 08, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-2514

    Stack-based buffer overflow in XferWan.exe as used in multiple products including (1) Symantec Discovery 6.5, (2) Numara Asset Manager 8.0, and (3) Centennial UK Ltd Discovery 2006 Feature Pack, allows remote attackers to execute arbitrary code via a long... Read more

    Affected Products : discovery asset_manager discovery
    • EPSS Score: %11.62
    • Published: Jun. 06, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4995

    Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : openssl
    • EPSS Score: %9.57
    • Published: Oct. 13, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-3878

    Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 in Ultra Shareware Ultra Office Control allows remote attackers to execute arbitrary code via long strUrl, strFile, and strPostData parameters to the Htt... Read more

    Affected Products : ultra_office_control
    • EPSS Score: %71.93
    • Published: Sep. 02, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-4128

    Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the ... Read more

    Affected Products : ios 871_integrated_services_router
    • EPSS Score: %1.52
    • Published: Sep. 18, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-4342

    NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to... Read more

    • EPSS Score: %26.71
    • Published: Sep. 30, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-4564

    Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remo... Read more

    • EPSS Score: %54.25
    • Published: Mar. 18, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0202

    Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-bas... Read more

    Affected Products : office_powerpoint
    • EPSS Score: %47.53
    • Published: Jun. 11, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-3518

    Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demons... Read more

    Affected Products : installation_manager
    • EPSS Score: %7.86
    • Published: Oct. 01, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-3577

    Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks."... Read more

    Affected Products : 3ds_max
    • EPSS Score: %3.96
    • Published: Nov. 24, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-4656

    Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls)... Read more

    Affected Products : dj_studio_pro
    • EPSS Score: %68.42
    • Published: Mar. 03, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3152

    Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1 and earlier, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwma... Read more

    Affected Products : illustrator
    • EPSS Score: %5.91
    • Published: Aug. 27, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2019-2109

    In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for explo... Read more

    Affected Products : android
    • EPSS Score: %0.34
    • Published: Jul. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2131

    An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: An... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2025-22273

    Application does not limit the number or frequency of user interactions, such as the number of incoming requests. At the "/EPMUI/VfManager.asmx/ChangePassword" endpoint it is possible to perform a brute force attack on the current password in use. This ... Read more

    Affected Products :
    • Published: Feb. 28, 2025
    • Modified: Mar. 05, 2025
    • Vuln Type: Authentication

  • 9.3

    HIGH
    CVE-2022-27837

    A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege.... Read more

    Affected Products : android accessibility
    • EPSS Score: %0.30
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-8680

    The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with... Read more

    Affected Products : mate_s_firmware p8_firmware p8 mate_s
    • EPSS Score: %0.05
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3762

    The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows attackers to gain privileges via a crafted application that uses (1) the AF_MSM_IPC socket class or (2) another socket class that is unrecognized by ... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292508 Results