Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2011-2113

    Multiple buffer overflows in the Shockwave3DAsset component in Adobe Shockwave Player before 11.6.0.626 allow attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : shockwave_player
    • Published: Jun. 16, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-2009

    Untrusted search path vulnerability in Windows Media Center in Microsoft Windows Vista SP2 and Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista, allows local users to gain privileges via a Trojan horse DLL in the current working ... Read more

    • Published: Oct. 12, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-2019

    Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a direct... Read more

    • Published: Dec. 14, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-2003

    Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code... Read more

    • Published: Oct. 12, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1999

    Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."... Read more

    • Published: Oct. 12, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-2225

    Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows attackers to have an unknown impact via a crafted directory pathname that is inserted into config.sh.... Read more

    Affected Products : kiwi suse_studio_onsite
    • Published: Aug. 23, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1990

    Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and Excel Services on Office SharePoint Server 2007 SP2 do not properly validate the sign of an unspecif... Read more

    • Published: Sep. 15, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1969

    Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vecto... Read more

    Affected Products : forefront_unified_access_gateway
    • Published: Oct. 12, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1998

    Microsoft Internet Explorer 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "Jscript9.dll Remote Code Execution Vulnerability."... Read more

    • Published: Oct. 12, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1975

    Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse... Read more

    Affected Products : windows_7 windows_server_2008
    • Published: Aug. 10, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-2000

    Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "Body Element Remote Code Execution Vulnerability."... Read more

    • Published: Oct. 12, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1964

    Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption... Read more

    • Published: Aug. 10, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2020-16256

    The API on Winston 1.5.4 devices is vulnerable to CSRF.... Read more

    Affected Products : winston_firmware winston
    • Published: Oct. 28, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-7212

    Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow remote attackers to execute arbitrary code via a c... Read more

    • Published: Nov. 10, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2020-16208

    The affected product is vulnerable to cross-site request forgery, which may allow an attacker to modify different configurations of a device by luring an authenticated user to click on a crafted link on the N-Tron 702-W / 702M12-W (all versions).... Read more

    • Published: Sep. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2009-1532

    Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed r... Read more

    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2014-6344

    Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."... Read more

    Affected Products : internet_explorer
    • Published: Nov. 11, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2011-1704

    Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url.... Read more

    Affected Products : iprint
    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1706

    Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url.... Read more

    Affected Products : iprint
    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1701

    Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url.... Read more

    Affected Products : iprint
    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 294116 Results