Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2012-3604

    WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-S... Read more

    Affected Products : safari
    • Published: Jul. 25, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-3603

    Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of t... Read more

    Affected Products : xpdfreader poppler xpdf
    • Published: Oct. 21, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-4249

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves pktmnglr_ipfilter_input in com.apple.packet-mangler in the... Read more

    Affected Products : mac_os_x iphone_os watchos apple_tv
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-4383

    A memory corruption issue was addressed with improved state management. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-8660

    Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2013-0090

    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CCaret Use After Free Vulnerability."... Read more

    • Published: Mar. 13, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0088

    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer saveHistory Use After Free Vulnerability."... Read more

    • Published: Mar. 13, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0079

    Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."... Read more

    Affected Products : visio visio_viewer office_filter_pack
    • Published: Mar. 13, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0094

    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer removeChild Use After Free Vulnerability."... Read more

    • Published: Mar. 13, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0093

    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer onBeforeCopy Use After Free Vulnerability."... Read more

    • Published: Mar. 13, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0082

    Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code via a crafted WordPerfect document (.wpd) file, aka "WPD File Format Memory Corruption Vulnerability."... Read more

    Affected Products : office
    • Published: Nov. 13, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0023

    Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer CDispNode Use After Free Vulnerability."... Read more

    • Published: Feb. 13, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0024

    Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer pasteHTML Use After Free Vulnerability."... Read more

    • Published: Feb. 13, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2024-23346

    Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 202... Read more

    Affected Products : pymatgen pymatgen
    • Published: Feb. 21, 2024
    • Modified: Feb. 05, 2025

  • 9.3

    HIGH
    CVE-2013-0026

    Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer InsertElement Use After Free Vulnerability."... Read more

    • Published: Feb. 13, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0022

    Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer LsGetTrailInfo Use After Free Vulnerability."... Read more

    • Published: Feb. 13, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0006

    Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML Integer Truncation Vulnerability."... Read more

    • Published: Jan. 09, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0007

    Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not properly parse XML content, which allows remote attackers to execute arbitrary code via a crafted web page, aka "MSXML XSLT Vulnerability."... Read more

    • Published: Jan. 09, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0003

    Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (... Read more

    • Published: Jan. 09, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-5975

    The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass a... Read more

    Affected Products : linux_kernel tectia_server
    • Published: Dec. 04, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294155 Results