Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2012-0192

    Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PNG image object in a Symphony document that triggers a he... Read more

    Affected Products : lotus_symphony
    • Published: Jan. 23, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0151

    The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate th... Read more

    • Actively Exploited
    • Published: Apr. 10, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0165

    GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "G... Read more

    • Published: May. 09, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0150

    Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."... Read more

    • Published: Feb. 14, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0185

    Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of m... Read more

    • Published: May. 09, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2020-1407

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1401.... Read more

    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-1766

    Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by Sebastian Apelt and Andreas Schmidt during a Pwn2Own competition at CanS... Read more

    Affected Products : internet_explorer
    • Published: Apr. 27, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2012-0143

    Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulner... Read more

    Affected Products : office excel
    • Published: May. 09, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0204

    Untrusted search path vulnerability in InfoSphere Import Export Manager 8.1 through 9.1 in InfoSphere Information Server MetaBrokers & Bridges (MBB) in IBM InfoSphere Information Server 8.1, 8.5 before FP3, 8.7, and 9.1 allows local users to gain privileg... Read more

    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0018

    Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."... Read more

    Affected Products : visio_viewer
    • Published: May. 09, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0011

    Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability."... Read more

    • Published: Feb. 14, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0009

    Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstr... Read more

    Affected Products : windows_server_2003 windows_xp
    • Published: Jan. 10, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0015

    Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, o... Read more

    • Published: Feb. 14, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0211

    debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before 2.11.4 allows remote attackers to execute arbitrary code via a crafted tarball file name in the top-level directory of an original (.orig) source tarball of a source package.... Read more

    Affected Products : devscripts
    • Published: Jun. 16, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2012-0002

    The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows... Read more

    • Published: Mar. 13, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2014-1770

    Use-after-free vulnerability in Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code via crafted JavaScript code that interacts improperly with a CollectGarbage function call on a CMarkup object allocated by the CMark... Read more

    Affected Products : internet_explorer
    • Published: May. 22, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2020-1412

    A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.... Read more

    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-5293

    The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allows remote attackers to write to arbitrary files via a pathname in the argument.... Read more

    • Published: Jan. 01, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2011-5288

    Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allow remote attackers to execute arbitrary code via a long argument to the (1) cmdExport, (2) cmdImport, (3) cmdOpen, or (4) cmd... Read more

    Affected Products : threedify_designer
    • Published: Jan. 01, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2020-12406

    Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Fire... Read more

    • Published: Jul. 09, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294125 Results