Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2013-5049

    Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."... Read more

    Affected Products : internet_explorer
    • Published: Dec. 11, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2006-3650

    Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that trigg... Read more

    Affected Products : office
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-5026

    An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.ocx in National Instruments Lookout 6.5 through 6.7 allows remote attackers to execute arbitrary code by triggering the download of, and calls to, an arbitrary DLL file.... Read more

    Affected Products : lookout
    • Published: Aug. 06, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-4978

    Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file.... Read more

    • Published: Feb. 05, 2014
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-3866

    The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to ... Read more

    Affected Products : jre jdk
    • Published: Nov. 05, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2021-30954

    A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.... Read more

    • Published: Aug. 24, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2012-1877

    Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Title Element Change Remote Code Execution Vulnerability."... Read more

    • Published: Jun. 12, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-4848

    TP-Link TL-WDR4300 version 3.13.31 has multiple CSRF vulnerabilities.... Read more

    Affected Products : tl-wdr4300_firmware tl-wdr4300
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-4787

    Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptogr... Read more

    Affected Products : android
    • Published: Jul. 09, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2020-27275

    Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to an out-of-bounds write while processing project files, which may allow an attacker to execute arbitrary code.... Read more

    Affected Products : cncsoft-b dopsoft
    • Published: Jan. 11, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-4737

    The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for atta... Read more

    Affected Products : quic_mobile_station_modem_kernel
    • Published: Feb. 15, 2014
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-4710

    Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (rebo... Read more

    Affected Products : android
    • Published: Mar. 03, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2020-0809

    A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0869.... Read more

    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-4436

    The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 does not validate the SSH host key of requests, which allows remote attackers to have unspecified impact via a man-in-the-middle (MITM) attack.... Read more

    Affected Products : salt
    • Published: Nov. 05, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2007-1667

    Multiple integer overflows in (1) the XGetPixel function in ImUtil.c in X.Org libx11 before 1.0.3, and (2) XInitImage function in xwd.c for ImageMagick, allow user-assisted remote attackers to cause a denial of service (crash) or obtain sensitive informat... Read more

    • Published: Mar. 24, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-3870

    Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 and SP2 allows remote attackers to execute arbitrary code by including many nested S/MIME certificates in an e-mail message, aka "Message Certificate Vulnerability."... Read more

    Affected Products : outlook
    • Published: Sep. 11, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-1940

    Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allows remote attackers t... Read more

    • Published: Jun. 05, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2022-26739

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.... Read more

    Affected Products : macos iphone_os tvos ipados
    • Published: May. 26, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-0032

    Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."... Read more

    Affected Products : powerpoint
    • Published: Feb. 10, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-0050

    Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.... Read more

    • Published: Mar. 15, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 293951 Results