Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2012-5161

    The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : xenapp
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4953

    The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine (SSE) before 5.2.8 does not properly perform bounds che... Read more

    • Published: Nov. 14, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4214

    Use-after-free vulnerability in the nsTextEditorState::PrepareEditor function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers ... Read more

    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4213

    Use-after-free vulnerability in the nsEditor::FindNextLeafNode function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corrupti... Read more

    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-3969

    Integer overflow in the nsSVGFEMorphologyElement::Filter function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute arb... Read more

    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-3636

    WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S... Read more

    Affected Products : safari
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4787

    Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly initialized or (2) is deleted, aka "Improper Ref Coun... Read more

    • Published: Dec. 12, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-3610

    WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S... Read more

    Affected Products : safari
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0862

    Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array... Read more

    Affected Products : ffmpeg
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-1129

    FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via a crafted SFNT strin... Read more

    Affected Products : freetype firefox_mobile
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0752

    Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to execute arbitrary code or cause a denial of serv... Read more

    • Published: Feb. 16, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0725

    Adobe Flash Player before 11.2.202.229 in Google Chrome before 18.0.1025.151 allow attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2012-0724.... Read more

    • Published: Apr. 06, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0671

    Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .pict file.... Read more

    Affected Products : quicktime
    • Published: May. 16, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0612

    WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CV... Read more

    Affected Products : itunes iphone_os
    • Published: Mar. 08, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0171

    Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "SelectAll Remote Code Execution Vulnerability."... Read more

    • Published: Apr. 10, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0019

    Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a ... Read more

    Affected Products : visio_viewer
    • Published: Feb. 14, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-4252

    The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height.... Read more

    Affected Products : realplayer
    • Published: Nov. 24, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-4141

    Untrusted search path vulnerability in EMC RSA SecurID Software Token 4.1 before 4.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Software Token file.... Read more

    Affected Products : securid
    • Published: Dec. 17, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-3691

    Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory.... Read more

    Affected Products : foxit_reader reader
    • Published: Sep. 27, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-3397

    The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsof... Read more

    Affected Products : windows_server_2003 windows_xp
    • Published: Dec. 14, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293509 Results