Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2010-3777

    Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and Thunderbird 3.1.x before 3.1.7 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.... Read more

    Affected Products : firefox thunderbird
    • Published: Dec. 10, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-0024

    Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted capture file.... Read more

    Affected Products : wireshark
    • Published: Mar. 28, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-0033

    The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, whic... Read more

    • Published: Feb. 10, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-0097

    Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 allows... Read more

    • Published: Apr. 13, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2016-4738

    libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.... Read more

    • Published: Sep. 25, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2020-3713

    Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : windows illustrator_cc
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-3856

    A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted string may lead to heap corruption.... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • Published: Feb. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-3801

    Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted FlashPix file.... Read more

    Affected Products : quicktime
    • Published: Dec. 09, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-0175

    Use-after-free vulnerability in the nsTreeSelection implementation in Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.9, Thunderbird before 3.0.4, and SeaMonkey before 2.0.4 allows remote attackers to execute arbitrary code or cause a denial of service... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Apr. 05, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-0183

    Use-after-free vulnerability in the nsCycleCollector::MarkRoots function in Mozilla Firefox 3.5.x before 3.5.10 and SeaMonkey before 2.0.5 allows remote attackers to execute arbitrary code via a crafted HTML document, related to an improper frame construc... Read more

    Affected Products : firefox seamonkey
    • Published: Jun. 24, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-0263

    Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer SP1 and SP2; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Office SharePoint Server 20... Read more

    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2020-15231

    In mapfish-print before version 3.24, a user can use the JSONP support to do a Cross-site scripting.... Read more

    Affected Products : print
    • Published: Oct. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-15232

    In mapfish-print before version 3.24, a user can do to an XML External Entity (XXE) attack with the provided SDL style.... Read more

    Affected Products : print
    • Published: Oct. 02, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2020-15229

    Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the hos... Read more

    Affected Products : leap backports_sle singularity
    • Published: Oct. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-5194

    Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0, Gold 5.5, Gold 6.0, and earlier allows remote attackers to execute arbitrary code via a long strPDFF... Read more

    • Published: Aug. 31, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2019-8523

    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, Safari 12.1, iTunes 12.9.4 for Windows, iCloud for Windows 7.11. Processing maliciously crafted web content may lead to arbitrary c... Read more

    Affected Products : itunes iphone_os tvos safari icloud
    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-5081

    Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 allows remote attackers to execute arbitrary code via a long URL in a .pls file.... Read more

    Affected Products : rm-mp3_converter
    • Published: Dec. 25, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    CRITICAL
    CVE-2020-15178

    In PrestaShop contactform module (prestashop/contactform) before version 4.3.0, an attacker is able to inject JavaScript while using the contact form. The `message` field was incorrectly unescaped, possibly allowing attackers to execute arbitrary JavaScri... Read more

    Affected Products : contactform
    • Published: Sep. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-1262

    Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, related to the CStyleSheet object and a fre... Read more

    • Published: Jun. 08, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2020-9759

    A Vulnerability of LG Electronic web OS TV Emulator could allow an attacker to escalate privileges and overwrite certain files. This vulnerability is due to wrong environment setting. An attacker could exploit this vulnerability through crafted configurat... Read more

    Affected Products : webos
    • Published: Mar. 23, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294426 Results