Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2013-1328

    Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."... Read more

    Affected Products : publisher
    • Published: May. 15, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2007-4188

    Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.... Read more

    Affected Products : joomla\! joomla
    • Published: Aug. 08, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-1307

    Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different vulner... Read more

    Affected Products : internet_explorer
    • Published: May. 15, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1317

    Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."... Read more

    Affected Products : publisher
    • Published: May. 15, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1309

    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer Use After Free Vulnerability," a different v... Read more

    Affected Products : internet_explorer
    • Published: May. 15, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1323

    Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."... Read more

    Affected Products : publisher
    • Published: May. 15, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2007-5398

    Stack-based buffer overflow in the reply_netbios_packet function in nmbd/nmbd_packets.c in nmbd in Samba 3.0.0 through 3.0.26a, when operating as a WINS server, allows remote attackers to execute arbitrary code via crafted WINS Name Registration requests ... Read more

    Affected Products : samba
    • Published: Nov. 16, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2011-1277

    Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of servic... Read more

    • Published: Jun. 16, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-4201

    Heap-based buffer overflow in the decodeMP4file function (frontend/main.c) in FAAD2 2.6.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MPEG-4 (MP4) file.... Read more

    Affected Products : faad2 faad2
    • Published: Sep. 24, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-6019

    Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.... Read more

    Affected Products : flash_player air flex flash
    • Published: Apr. 09, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-1302

    Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE... Read more

    Affected Products : lync lync_server office_communicator
    • Published: May. 15, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-4813

    Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow remote attackers to execute arbitrary code via a crafted PDF document that (1) performs unspecified actions on a Collab object that trigger memory corruption, related to a GetCosObj metho... Read more

    Affected Products : acrobat acrobat_reader
    • Published: Nov. 05, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-0076

    Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."... Read more

    Affected Products : internet_explorer ie
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-1192

    The JAR files on Cisco Device Manager for Cisco MDS 9000 devices before 5.2.8, and Cisco Device Manager for Cisco Nexus 5000 devices, allow remote attackers to execute arbitrary commands on Windows client machines via a crafted element-manager.jnlp file, ... Read more

    • Published: Apr. 25, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-1390

    The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before 1.4.19-rc3 and 1.6.x before 1.6.0-beta6, Business Edition C.x.x before C.1.6, AsteriskNOW before 1.0.2, Appliance Developer Kit before revision 104704, and s800i 1.0.x before 1.1.0.2 generat... Read more

    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2012-0708

    Heap-based buffer overflow in the Ole API in the CQOle ActiveX control in cqole.dll in IBM Rational ClearQuest 7.1.1 before 7.1.1.9, 7.1.2 before 7.1.2.6, and 8.0.0 before 8.0.0.2 allows remote attackers to execute arbitrary code via a crafted web page th... Read more

    Affected Products : rational_clearquest
    • Published: Apr. 22, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-0914

    Opera before 9.64 allows remote attackers to execute arbitrary code via a crafted JPEG image that triggers memory corruption.... Read more

    Affected Products : opera_browser
    • Published: Mar. 16, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-1169

    Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 Patch 2, 8.0 before 8.0MR1 Patch 2, and 8.5 before 8.5MR3 Patch 1, when the Remember Me option is used, does not properly verify cookies, which allows remote attackers to impersonate use... Read more

    • Published: Apr. 11, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1185

    The web interface in the Manager component in Cisco Unified Computing System (UCS) 1.x and 2.x before 2.0(2m) allows remote attackers to obtain sensitive information by reading a (1) technical-support bundle file or (2) on-device configuration backup, aka... Read more

    • Published: Apr. 25, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2016-1826

    Integer overflow in the dtrace implementation in the kernel in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: May. 20, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293704 Results