Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2008-4387

    Unspecified vulnerability in the Simba MDrmSap ActiveX control in mdrmsap.dll in SAP SAPgui allows remote attackers to execute arbitrary code via unknown vectors involving instantiation by Internet Explorer.... Read more

    • Published: Nov. 10, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2017-16377

    An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability is due to a computation that accesses ... Read more

    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-16399

    An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to an untrusted pointer dereference in ... Read more

    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2008-3162

    Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio an... Read more

    Affected Products : ffmpeg
    • Published: Jul. 14, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-4817

    The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted PDF document that calls an AcroJS function with a long string argument, triggering heap corruption.... Read more

    • Published: Nov. 05, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-3135

    Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Wo... Read more

    • Published: Nov. 11, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2012-3655

    WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S... Read more

    Affected Products : safari
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-5356

    Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted True... Read more

    Affected Products : jre sdk jdk
    • Published: Dec. 05, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2017-7021

    An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "AppleGraphicsPowerManagement" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memor... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2009-3797

    Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.... Read more

    Affected Products : flash_player adobe_air
    • Published: Dec. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-4097

    An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-4196

    An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or obtain sensitive information via a cr... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-9688

    Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : windows download_manager
    • Published: Jul. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-4420

    A memory corruption issue was addressed by removing the vulnerable code. This issue affected versions prior to iOS 12.1, macOS Mojave 10.14.1, tvOS 12.1, watchOS 5.1.... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-4928

    Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.... Read more

    Affected Products : mac_os_x windows indesign
    • Published: May. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-9725

    In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail.... Read more

    Affected Products : android
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2015-6049

    Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • Published: Oct. 14, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2018-0806

    Equation Editor in Microsoft Office 2003, Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allows a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Word Remote ... Read more

    Affected Products : office word office_compatibility_pack
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8231

    A remote code execution vulnerability exists when HTTP Protocol Stack (Http.sys) improperly handles objects in memory, aka "HTTP Protocol Stack Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.... Read more

    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-0007

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within... Read more

    Affected Products : quicktime
    • Published: Jan. 21, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293953 Results