Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2010-1903

    Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption ... Read more

    Affected Products : word office_word_viewer
    • Published: Aug. 11, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4988

    Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.... Read more

    Affected Products : xnview
    • Published: Jul. 09, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2020-21884

    Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Series 2.4 contain a cross-site request forgery (CSRF) vulnerability in /tools/network-trace, /list_users, /list_byod?usertype=raduser, /dhcp_leases, /go?rid=202 in which a specially crafte... Read more

    • Published: Apr. 09, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-2164

    Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, might allow attackers to execute arbitrary code via unspecified vectors related to an unspecified "image type within a certai... Read more

    Affected Products : flash_player flash_player air
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-2189

    Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, when used in conjunction with VMWare Tools on a VMWare platform, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitr... Read more

    Affected Products : flash_player flash_player air
    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4924

    Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX component 1.0.0.1 for ASUS Net4Switch 1.0.0020 allows remote attackers to execute arbitrary code via a long parameter to the Alert method.... Read more

    • Published: Sep. 15, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4914

    Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream.... Read more

    Affected Products : coolpdf
    • Published: Jan. 26, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4875

    Heap-based buffer overflow in gdevwpr2.c in Ghostscript 9.04, when processing the OutputFile device parameter, allows user-assisted remote attackers to execute arbitrary code via a long file name in a PostScript document. NOTE: as of 20120314, the develo... Read more

    Affected Products : gpl_ghostscript
    • Published: Sep. 06, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4907

    Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page.... Read more

    Affected Products : android chrome
    • Published: Sep. 13, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4823

    Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Change, Tivoli... Read more

    • Published: Jan. 11, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2024-21810

    Improper input validation in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    • Published: Aug. 14, 2024
    • Modified: Aug. 14, 2024

  • 9.3

    HIGH
    CVE-2012-4865

    Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to execute arbitrary code via a crafted .TMD file.... Read more

    Affected Products : themida
    • Published: Sep. 06, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-2567

    The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malfor... Read more

    Affected Products : windows_server_2003 windows_xp
    • Published: Sep. 15, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4782

    Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Use After Free Vulnerability."... Read more

    • Published: Dec. 12, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4774

    Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that trigg... Read more

    • Published: Dec. 12, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-2760

    Use-after-free vulnerability in the nsTreeSelection function in Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird before 3.0.7 and 3.1.x before 3.1.3, and SeaMonkey before 2.0.7 might allow remote attackers to execute arbitrary code via ve... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Sep. 09, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4775

    Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."... Read more

    • Published: Nov. 14, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4822

    Multiple unspecified vulnerabilities in the JRE component in IBM Java 7 SR2 and earlier, Java 6.0.1 SR3 and earlier, Java 6 SR11 and earlier, Java 5 SR14 and earlier, and Java 142 SR13 FP13 and earlier; as used in IBM Rational Host On-Demand, Rational Cha... Read more

    • Published: Jan. 11, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4700

    Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in IntegraXor SCADA Server 4.00 build 4250.0 and earlier allow remote attackers to execute arbitrary code via a crafted HTML document.... Read more

    Affected Products : integraxor
    • Published: Feb. 08, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-4655

    The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not properly validate binaries that are received by the downloader process, which allows remote attackers to execute arbitrary code via vectors involving (1) ActiveX or (2) Java components... Read more

    Affected Products : secure_desktop
    • Published: Sep. 24, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 294132 Results