Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2009-3868

    Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafte... Read more

    Affected Products : solaris windows jre sdk jdk java_se
    • Published: Nov. 05, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2012-5945

    Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS SamplePower 3.0 before FP1 allow remote attackers to execute arbitrary code via a long (1) ComboList or (2) ColComboList property value.... Read more

    Affected Products : spss_samplepower
    • Published: Apr. 30, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2016-3316

    Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."... Read more

    Affected Products : word word_for_mac
    • Published: Aug. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3358

    Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel Aut... Read more

    • Published: Sep. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-3364

    Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."... Read more

    Affected Products : visio
    • Published: Sep. 14, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2013-3875

    Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."... Read more

    Affected Products : internet_explorer
    • Published: Oct. 09, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-5838

    The copyTexImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application c... Read more

    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-3914

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."... Read more

    Affected Products : internet_explorer
    • Published: Nov. 13, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-5843

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute... Read more

    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-5829

    Heap-based buffer overflow in the nsWindow::OnExposeEvent function in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allows remote attackers to execute ... Read more

    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-5833

    The texImage2D implementation in the WebGL subsystem in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 does not properly interact with Mesa drivers, whi... Read more

    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2015-8154

    The SysPlant.sys driver in the Application and Device Control (ADC) component in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6-MP4 allows remote attackers to execute arbitrary code via a crafted HTML document, related to "RWX Permission... Read more

    • Published: Mar. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2012-5842

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of... Read more

    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2016-4190

    Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-4243

    Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2011-0191

    Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TI... Read more

    • Published: Mar. 03, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-3019

    Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malform... Read more

    Affected Products : office works office_converter_pack
    • Published: Aug. 12, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-22267

    VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running ... Read more

    Affected Products : workstation macos fusion
    • Published: May. 14, 2024
    • Modified: Mar. 14, 2025

  • 9.3

    CRITICAL
    CVE-2024-22252

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process... Read more

    • Published: Mar. 05, 2024
    • Modified: Mar. 27, 2025

  • 9.3

    CRITICAL
    CVE-2024-22253

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process... Read more

    • Published: Mar. 05, 2024
    • Modified: May. 07, 2025
Showing 20 of 293929 Results