Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2014-1756

    Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gain privileges via a Trojan horse DLL in the current worki... Read more

    Affected Products : office
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2009-1832

    Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame co... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Jun. 12, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-1840

    Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a ... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Jun. 12, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2014-1245

    Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.... Read more

    Affected Products : quicktime
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2014-1202

    The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.... Read more

    Affected Products : soapui soapui
    • Published: Jan. 25, 2014
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2014-1209

    VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors.... Read more

    Affected Products : vsphere_client
    • Published: Apr. 11, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2019-1462

    A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'.... Read more

    Affected Products : office office_365_proplus powerpoint
    • Published: Dec. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-1246

    Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file.... Read more

    Affected Products : quicktime
    • Published: Feb. 27, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2010-3336

    Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read... Read more

    • Published: Nov. 10, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3818

    Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vector... Read more

    • Published: Nov. 22, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-3301

    Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word docume... Read more

    Affected Products : ubuntu_linux debian_linux openoffice
    • Published: Feb. 16, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3956

    The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privile... Read more

    • Published: Dec. 16, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2020-1931

    A command execution issue was found in Apache SpamAssassin prior to 3.4.3. Carefully crafted nefarious Configuration (.cf) files can be configured to run system commands similar to CVE-2018-11805. This issue is less stealthy and attempts to exploit the is... Read more

    Affected Products : spamassassin
    • Published: Jan. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-3796

    Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."... Read more

    Affected Products : flash_player adobe_air
    • Published: Dec. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2016-3382

    The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by the Chakra JavaScript engine,... Read more

    Affected Products : edge internet_explorer
    • Published: Oct. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3396

    Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2;... Read more

    • Published: Oct. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2009-3995

    Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Imp... Read more

    Affected Products : winamp libmikmod
    • Published: Dec. 18, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-3663

    Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP.... Read more

    Affected Products : sketchup sketchup
    • Published: Jun. 13, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2007-2845

    Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around".... Read more

    Affected Products : avast_antivirus
    • Published: May. 24, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-3849

    Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code o... Read more

    • Published: Sep. 11, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293983 Results