Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    CRITICAL
    CVE-2016-0088

    Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability."... Read more

    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2010-5191

    Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue Coat ProxyAV appliance before 3.2.6.1 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password, (2) modify a policy, or (3) restart... Read more

    Affected Products : proxyav avos
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3131

    Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 on Windows XP allows local users, and possibly remote attackers, to execute arbitrary ... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Aug. 26, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2014-2782

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE... Read more

    Affected Products : internet_explorer
    • Published: Jun. 19, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2013-1721

    Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web si... Read more

    Affected Products : firefox seamonkey
    • Published: Sep. 18, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1688

    The Profiler implementation in Mozilla Firefox before 22.0 parses untrusted data during UI rendering, which allows user-assisted remote attackers to execute arbitrary JavaScript code via a crafted web site.... Read more

    Affected Products : firefox
    • Published: Jun. 26, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1690

    Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a de... Read more

    • Actively Exploited
    • Published: Jun. 26, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3175

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.6.x before 3.6.11 and Thunderbird 3.1.x before 3.1.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrar... Read more

    Affected Products : firefox thunderbird
    • Published: Oct. 21, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2016-0936

    Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC Classic before 15.006.30119, and Acrobat and Acrobat Reader DC Continuous before 15.010.20056 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service... Read more

    • Published: Jan. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2013-1674

    Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code via vectors involving an onresize event during... Read more

    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-0117

    RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows do not properly handle dimensions during YUV420 transformations, which might allow remote attackers to execute arbitrary code via crafted MP4 content.... Read more

    Affected Products : realplayer windows realplayer_sp
    • Published: Aug. 30, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1638

    Opera before 12.13 allows remote attackers to execute arbitrary code via crafted clipPaths in an SVG document.... Read more

    Affected Products : opera_browser
    • Published: Feb. 08, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1685

    Use-after-free vulnerability in the nsIDocument::GetRootElement function in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allows remote attackers to execute arbitrary code or... Read more

    • Published: Jun. 26, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2006-3845

    Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive.... Read more

    Affected Products : winrar
    • Published: Jul. 25, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2006-6504

    Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.... Read more

    Affected Products : firefox ubuntu_linux seamonkey
    • Published: Dec. 20, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-0515

    Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdroppe... Read more

    Affected Products : office word word_viewer works
    • Published: Jan. 26, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2020-25178

    ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protoco... Read more

    • Published: Mar. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-0942

    Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," whi... Read more

    • Published: May. 08, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-1331

    Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."... Read more

    Affected Products : office
    • Actively Exploited
    • Published: Jun. 12, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2007-3902

    Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an ... Read more

    Affected Products : internet_explorer ie
    • Published: Dec. 12, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293946 Results