Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2012-5842

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before 2.14 allow remote attackers to cause a denial of... Read more

    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2016-4190

    Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-4243

    Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • Published: Jul. 13, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2011-0191

    Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used in ImageIO in Apple iTunes before 10.2 on Windows and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TI... Read more

    • Published: Mar. 03, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2008-3019

    Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malform... Read more

    Affected Products : office works office_converter_pack
    • Published: Aug. 12, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-22267

    VMware Workstation and Fusion contain a use-after-free vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running ... Read more

    Affected Products : workstation macos fusion
    • Published: May. 14, 2024
    • Modified: Mar. 14, 2025

  • 9.3

    CRITICAL
    CVE-2024-22252

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process... Read more

    • Published: Mar. 05, 2024
    • Modified: Mar. 27, 2025

  • 9.3

    CRITICAL
    CVE-2024-22253

    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process... Read more

    • Published: Mar. 05, 2024
    • Modified: May. 07, 2025

  • 9.3

    HIGH
    CVE-2012-5360

    Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted QT file.... Read more

    Affected Products : ffmpeg
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-0489

    Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability."... Read more

    • Published: Mar. 31, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-5359

    Libavcodec in FFmpeg before 0.11 allows remote attackers to execute arbitrary code via a crafted ASF file.... Read more

    Affected Products : ffmpeg
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2024-22199

    This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentia... Read more

    Affected Products : django
    • Published: Jan. 11, 2024
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2012-5306

    Stack-based buffer overflow in the SelectDirectory method in DcsCliCtrl.dll in Camera Stream Client ActiveX Control, as used in D-Link DCS-5605 PTZ IP Network Camera, allows remote attackers to cause a denial of service (crash) and possibly execute arbitr... Read more

    • Published: Oct. 06, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2020-9560

    Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution .... Read more

    Affected Products : windows bridge
    • Published: Jun. 26, 2020
    • Modified: May. 05, 2025

  • 9.3

    HIGH
    CVE-2020-9652

    Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution .... Read more

    Affected Products : premiere_pro windows
    • Published: Jun. 25, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-1963

    Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnera... Read more

    • Published: Aug. 10, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-5054

    Integer overflow in the copyRawDataTo method in the Matrix3D class in Adobe Flash Player before 11.4.402.265 allows remote attackers to execute arbitrary code via malformed arguments.... Read more

    Affected Products : flash_player
    • Actively Exploited
    • Published: Sep. 24, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-1903

    Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption ... Read more

    Affected Products : word office_word_viewer
    • Published: Aug. 11, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4988

    Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.... Read more

    Affected Products : xnview
    • Published: Jul. 09, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2020-21884

    Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafte... Read more

    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 293967 Results