Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2013-0091

    Use-after-free vulnerability in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CElement Use After Free Vulnerability."... Read more

    • Published: Mar. 13, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2015-6602

    libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x.... Read more

    Affected Products : android
    • Published: Oct. 02, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2012-4701

    Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and 3.7 allows remote attackers to read sensitive files, and consequently execute arbitrary code, by leveraging (1) valid credentials or (2) the guest feature.... Read more

    Affected Products : niagara_ax_framework niagara_ax
    • Published: Feb. 15, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4187

    Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 do not properly manage a certain insPos variable, which allows remote attackers to execute arbitrary code o... Read more

    • Published: Oct. 10, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4185

    Buffer overflow in the nsCharTraits::length function in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allows remote attackers to execute arbitrary code o... Read more

    • Published: Oct. 10, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2015-6621

    SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438.... Read more

    Affected Products : android
    • Published: Dec. 08, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2012-3599

    WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S... Read more

    Affected Products : safari
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-3569

    Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used in VMware Workstation 8.x before 8.0.5, VMware Player 4.x before 4.0.5, and other products, allows user-assisted remote attackers to execute arbitrary code via a crafted OVF file.... Read more

    Affected Products : player workstation windows ovf_tool
    • Published: Nov. 14, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2020-8813

    graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in a cookie, if a guest user has the graph real-time privilege.... Read more

    • Published: Feb. 22, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2012-2834

    Integer overflow in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted data in the Matroska container format.... Read more

    Affected Products : chrome
    • Published: Jun. 27, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2015-6531

    Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file.... Read more

    Affected Products : pan-os
    • Published: Jun. 01, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2012-2526

    The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP3 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to a deleted object, aka "Re... Read more

    Affected Products : windows_xp
    • Published: Aug. 15, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0665

    Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.... Read more

    Affected Products : quicktime
    • Published: May. 16, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0607

    WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CV... Read more

    Affected Products : itunes iphone_os
    • Published: Mar. 08, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2014-0273

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • Published: Feb. 12, 2014
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0210

    debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to obtain system information and execute arbitrary code via the file name in a (1) .dsc or (2) .changes file.... Read more

    Affected Products : devscripts
    • Published: Jun. 16, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0137

    Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a ... Read more

    Affected Products : visio_viewer
    • Published: Feb. 14, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-4109

    Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.... Read more

    Affected Products : openssl
    • Published: Jan. 06, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-3402

    Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 all... Read more

    • Published: Nov. 04, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-3378

    RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package... Read more

    Affected Products : rpm
    • Published: Dec. 24, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293605 Results