Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2011-0170

    Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes before 10.2 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted International Color Consortium (ICC) profile in a... Read more

    • Published: Mar. 03, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0852

    The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted RLE data, which triggers an out-of-bounds array access.... Read more

    Affected Products : ffmpeg
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-5082

    Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as d... Read more

    Affected Products : windows_server_2008
    • Published: Jan. 17, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3954

    Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."... Read more

    Affected Products : publisher
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3630

    Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.... Read more

    Affected Products : acrobat acrobat_reader
    • Published: Oct. 06, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3629

    Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.... Read more

    Affected Products : acrobat acrobat_reader
    • Published: Oct. 06, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3214

    Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Offic... Read more

    • Published: Oct. 13, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3174

    Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.14, Thunderbird before 3.0.9, and SeaMonkey before 2.0.9 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Oct. 21, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2017-18641

    In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.... Read more

    Affected Products : lxc
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-2882

    DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demons... Read more

    Affected Products : shockwave_player
    • Published: Aug. 26, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3950

    The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a ... Read more

    Affected Products : office works office_converter_pack
    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-2208

    Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : mac_os_x acrobat acrobat_reader windows
    • Published: Jun. 30, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2017-18614

    The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.... Read more

    Affected Products : kama_click_counter
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-2176

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than ... Read more

    Affected Products : flash_player flash_player air
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-1791

    Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors in... Read more

    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-1787

    WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application... Read more

    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-1782

    WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application... Read more

    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-1777

    Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL.... Read more

    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-1209

    Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM nodes, ... Read more

    Affected Products : firefox seamonkey
    • Published: Jul. 30, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-1196

    Integer overflow in the nsGenericDOMDataNode::SetTextInternal function in Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, Thunderbird before 3.0.5, and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a DOM node wit... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Jun. 24, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294348 Results