Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2017-2436

    An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "IOFireWireAVC" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) v... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2019-8684

    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Proc... Read more

    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-0672

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2... Read more

    Affected Products : office office_365_proplus
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-8786

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, macOS Catalina 10.15.1, tvOS 13.2, watchOS 6.1. An application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-8868

    Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or possibly execute arbitrary code via an invalid blend mode in... Read more

    Affected Products : ubuntu_linux fedora debian_linux poppler
    • Published: May. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2010-0028

    Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."... Read more

    • Published: Feb. 10, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-0480

    Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in FFmpeg, as used in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344, allow remote attackers to cause a denial of service (memory corruption and application crash) or possi... Read more

    • Published: Jan. 14, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-0558

    Integer overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.... Read more

    Affected Products : flash_player
    • Published: Feb. 10, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-0189

    A certain ActiveX control in NOS Microsystems getPlus Download Manager (aka DLM or Downloader) 1.5.2.35, as used in Adobe Download Manager, improperly validates requests involving web sites that are not in subdomains, which allows remote attackers to forc... Read more

    • Published: Feb. 23, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-5234

    Multiple heap-based buffer overflows in xine-lib 1.1.12, and other versions before 1.1.15, allow remote attackers to execute arbitrary code via vectors related to (1) a crafted metadata atom size processed by the parse_moov_atom function in demux_qt.c and... Read more

    Affected Products : xine-lib
    • Published: Nov. 26, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2010-0243

    Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."... Read more

    Affected Products : office macos
    • Published: Feb. 10, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-0920

    The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.... Read more

    Affected Products : lotus_domino
    • Published: Feb. 08, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2019-7817

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful ex... Read more

    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-2844

    WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion... Read more

    Affected Products : chrome
    • Published: Mar. 06, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2019-8544

    A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitra... Read more

    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-1262

    Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "HTTP Redirect Memory Corruptio... Read more

    • Published: Jun. 16, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2020-1400

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1401, CVE-2020-1407.... Read more

    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-1033

    Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related... Read more

    Affected Products : operations_manager
    • Published: Apr. 21, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2015-1760

    Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."... Read more

    Affected Products : office office_compatibility_pack
    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-1759

    Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."... Read more

    Affected Products : office_compatibility_pack
    • Published: Jun. 10, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293953 Results