Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2018-1778

    IBM LoopBack (IBM API Connect 2018.1, 2018.4.1, 5.0.8.0, and 5.0.8.4) could allow an attacker to bypass authentication if the AccessToken Model is exposed over a REST API, it is then possible for anyone to create an AccessToken for any User provided they ... Read more

    Affected Products : api_connect
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-1251

    Format string vulnerability in the new_warning function in ntserv/warning.c for Netrek Vanilla Server 2.12.0, when EVENTLOG is enabled, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via format string specifiers in ... Read more

    Affected Products : netrek_vanilla_server
    • Published: Mar. 03, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2017-2964

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation... Read more

    • Published: Jan. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    CRITICAL
    CVE-2025-1950

    IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.... Read more

    • Published: Apr. 22, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    CRITICAL
    CVE-2014-125116

    A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the applicatio... Read more

    Affected Products :
    • Published: Jul. 25, 2025
    • Modified: Jul. 29, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    HIGH
    CVE-2022-24492

    Remote Procedure Call Runtime Remote Code Execution Vulnerability... Read more

    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-7189

    The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability."... Read more

    Affected Products : edge
    • Published: Oct. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1755

    The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerabili... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2011-4186

    Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705.... Read more

    Affected Products : windows iprint
    • Published: Feb. 21, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-2945

    Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream.... Read more

    Affected Products : realplayer realplayer_sp
    • Published: Aug. 18, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-4377

    Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code by specifying many subban... Read more

    • Published: Dec. 14, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-0238

    Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote att... Read more

    • Published: Feb. 25, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-6250

    Stack-based buffer overflow in AOL AOLMediaPlaybackControl (AOLMediaPlaybackControl.exe), as used by AmpX ActiveX control (AmpX.dll), might allow remote attackers to execute arbitrary code via the AppendFileToPlayList method.... Read more

    Affected Products : aolmediaplaybackcontrol ampx
    • Published: Jan. 09, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-3651

    Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.... Read more

    Affected Products : office word
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2022-21917

    HEVC Video Extensions Remote Code Execution Vulnerability... Read more

    Affected Products : hevc_video_extensions
    • Published: Jan. 11, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2021-40727

    Access of Memory Location After End of Buffer (CWE-788... Read more

    Affected Products : macos windows indesign
    • Published: Jun. 15, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-6515

    Use after free in tab strip in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    • Published: Jul. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-1226

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1225.... Read more

    Affected Products : office 365_apps excel
    • Published: Jun. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-7877

    Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Dec. 15, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-4175

    Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 292870 Results