Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2014-1780

    Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-20... Read more

    Affected Products : internet_explorer
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2009-1570

    Integer overflow in the ReadImage function in plug-ins/file-bmp/bmp-read.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a BMP file with crafted width and height values that trigger a heap-based buffer overflow.... Read more

    Affected Products : gimp
    • Published: Nov. 13, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-1240

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1241, CVE-2019-1242, CVE-2019-1243, ... Read more

    • Published: Sep. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-28845

    A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system.... Read more

    Affected Products : netskope
    • Published: Nov. 20, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-1687

    The JavaScript garbage collector in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle allocation failures, which allows remote attackers to execute arbitrary code or cau... Read more

    Affected Products : safari
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2010-2205

    Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : mac_os_x acrobat acrobat_reader windows
    • Published: Jun. 30, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2014-1251

    Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted clef atom in a movie file.... Read more

    Affected Products : quicktime
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2014-1756

    Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current worki... Read more

    Affected Products : office
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2009-1832

    Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame co... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Jun. 12, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-1840

    Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a ... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Jun. 12, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2014-1245

    Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.... Read more

    Affected Products : quicktime
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2014-1202

    The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.... Read more

    Affected Products : soapui soapui
    • Published: Jan. 25, 2014
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2014-1209

    VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.... Read more

    Affected Products : vsphere_client
    • Published: Apr. 11, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2019-1462

    A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'.... Read more

    Affected Products : office office_365_proplus powerpoint
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-1246

    Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.... Read more

    Affected Products : quicktime
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2010-3336

    Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read... Read more

    • Published: Nov. 10, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3818

    Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vector... Read more

    • Published: Nov. 22, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-3301

    Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word docume... Read more

    Affected Products : ubuntu_linux debian_linux openoffice
    • Published: Feb. 16, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3956

    The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privile... Read more

    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2020-1931

    A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the is... Read more

    Affected Products : spamassassin
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293633 Results