Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2017-20198

    The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write pr... Read more

    Affected Products :
    • Published: Jul. 23, 2025
    • Modified: Jul. 25, 2025
    • Vuln Type: Authorization

  • 9.3

    HIGH
    CVE-2016-1825

    IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1823

    The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds read ... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1806

    Crash Reporter in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1669

    The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overf... Read more

    • Published: May. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1644

    WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified oth... Read more

    Affected Products : chrome
    • Published: Mar. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1646

    The Array.prototype.concat implementation in builtins.cc in Google V8, as used in Google Chrome before 49.0.2623.108, does not properly consider element data types, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibl... Read more

    • Actively Exploited
    • Published: Mar. 29, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-1027

    Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • Published: Apr. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0974

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler befor... Read more

    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0966

    Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to ... Read more

    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-0084

    Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."... Read more

    Affected Products : edge
    • Published: Feb. 10, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6104

    The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows remote attackers to exe... Read more

    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6003

    Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.... Read more

    Affected Products : qts
    • Published: Oct. 16, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8447

    Use-after-free vulnerability in the Color object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204,... Read more

    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2021-24090

    Windows Error Reporting Elevation of Privilege Vulnerability... Read more

    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-2506

    atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to caus... Read more

    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-2494

    Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : edge internet_explorer
    • Published: Sep. 09, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-2447

    Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2446.... Read more

    Affected Products : internet_explorer
    • Published: Aug. 14, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-2390

    Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • Published: Jul. 14, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-1767

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • Published: Jul. 14, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293353 Results