Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2008-0077

    Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG elemen...

    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2011-0253

    WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE...

    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2021-25162

    A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 ...

    • Published: Mar. 30, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2007-6427

    The XInput extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via requests related to byte swapping and heap corruption within multiple functions, a different vulnerability than CVE-2007-4990....

    • Published: Jan. 18, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-6165

    Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate progr...

    Affected Products : mac_os_x mac_os_x
    • Published: Nov. 29, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-5653

    The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit se...

    Affected Products : php
    • Published: Oct. 23, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-5020

    Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon a vag...

    Affected Products : acrobat acrobat_reader
    • Published: Sep. 21, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4987

    Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address....

    Affected Products : imagemagick
    • Published: Sep. 24, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4687

    The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files....

    Affected Products : mac_os_x mac_os_x_server
    • Published: Nov. 15, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4673

    Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5...

    Affected Products : quicktime
    • Published: Oct. 04, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4607

    Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll 6.0.1 in the Quiksoft EasyMail SMTP Object, as used in Postcast Server Pro 3.0.61 and other products, allows remote attackers to execute arbitrary code via a long argument to the SubmitT...

    • Published: Aug. 31, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4381

    Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself....

    Affected Products : jre sdk jdk
    • Published: Aug. 17, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-3895

    Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted (1) WAV or (2) AVI file....

    • Published: Dec. 12, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-3845

    Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file ex...

    Affected Products : firefox thunderbird windows_xp seamonkey
    • Published: Aug. 08, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-2921

    Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors....

    Affected Products : activecgm_browser
    • Published: Jun. 14, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-2397

    QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets....

    Affected Products : quicktime
    • Published: Jul. 15, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-2388

    Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be lever...

    Affected Products : quicktime mac_os_x all_windows
    • Published: May. 29, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-1201

    Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSourc...

    • Published: Mar. 11, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-0654

    Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow....

    Affected Products : x_multimedia_system
    • Published: Mar. 21, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-0321

    Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method....

    Affected Products : flexnet_connect
    • Published: Feb. 23, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293343 Results