Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2007-0071

    Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a... Read more

    Affected Products : flash_player
    • Published: Apr. 09, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-4384

    Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.... Read more

    Affected Products : lpviewer lpviewer lpviewer
    • Published: Oct. 07, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2010-3776

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird before 3.0.11 and 3.1.x before 3.1.7, and SeaMonkey before 2.0.11 allow remote attackers to cause a denial of service (memory ... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Dec. 10, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2015-7611

    Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to execute arbitrary system commands via unspecified vectors.... Read more

    Affected Products : james james_server
    • Published: Jun. 07, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2013-1735

    Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers ... Read more

    • Published: Sep. 18, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1750

    Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file.... Read more

    Affected Products : realplayer realplayer_sp
    • Published: Mar. 20, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-1142

    FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap write operation and memory corruption) or possibly execute arbitrary code via crafted glyph-outli... Read more

    Affected Products : freetype firefox_mobile
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-1522

    Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Cached Object Remote Code Execution Vulnerability."... Read more

    • Published: Jul. 10, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-2135

    Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice.... Read more

    Affected Products : struts
    • Published: Jul. 16, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-2097

    ZPanel through 10.1.0 has Remote Command Execution... Read more

    Affected Products : zpanel
    • Published: Feb. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-0561

    Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Mi... Read more

    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-1759

    Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbi... Read more

    Affected Products : dtorrent ctorrent
    • Published: May. 22, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-2115

    Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for ... Read more

    Affected Products : struts
    • Published: Jul. 10, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2015-8642

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler befor... Read more

    • Published: Dec. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2007-4821

    Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability ... Read more

    Affected Products : office_viewer_component
    • Published: Sep. 11, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-2090

    The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtai... Read more

    Affected Products : creme_fraiche
    • Published: May. 27, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2014-1797

    Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-20... Read more

    Affected Products : internet_explorer
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2013-2019

    Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements.... Read more

    Affected Products : boinc boinc boinc_client
    • Published: Jun. 02, 2014
    • Modified: Jul. 08, 2025

  • 9.3

    HIGH
    CVE-2007-2867

    Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (cr... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Jun. 01, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-1966

    Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag.... Read more

    Affected Products : struts
    • Published: Jul. 10, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 294119 Results