Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2009-0090

    Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP... Read more

    • Published: Oct. 14, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0076

    Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a craf... Read more

    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0100

    Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File ... Read more

    • Published: Apr. 15, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0194

    The domain-locking implementation in the GARMINAXCONTROL.GarminAxControl_t.1 ActiveX control in npGarmin.dll in the Garmin Communicator Plug-In 2.6.4.0 does not properly enforce the restrictions that (1) download and (2) upload requests come from a web si... Read more

    Affected Products : garmin_communicator_plugin
    • Published: May. 11, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0098

    Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka... Read more

    Affected Products : exchange_server
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0070

    Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a ... Read more

    Affected Products : safari
    • Published: Jan. 08, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0176

    Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 al... Read more

    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0005

    Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption.... Read more

    • Published: Jan. 21, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0226

    Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 nati... Read more

    Affected Products : powerpoint office_powerpoint
    • Published: May. 12, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0095

    Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."... Read more

    Affected Products : visio
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0002

    Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.... Read more

    • Published: Jan. 21, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0097

    Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."... Read more

    Affected Products : visio
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-7249

    Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-116... Read more

    Affected Products : sarg
    • Published: Dec. 30, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-7177

    Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.... Read more

    Affected Products : netwide_assembler nasm
    • Published: Sep. 08, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-7168

    Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.... Read more

    Affected Products : uusee uuupgrade.ocx
    • Published: Sep. 08, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-7079

    Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619.... Read more

    Affected Products : showtime
    • Published: Aug. 25, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-7053

    LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigger memory corruption.... Read more

    Affected Products : ractrl.dll
    • Published: Aug. 24, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-7074

    Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not pr... Read more

    Affected Products : i.scribe
    • Published: Aug. 25, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-6998

    Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of ... Read more

    Affected Products : chrome
    • Published: Aug. 19, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-6936

    Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935.... Read more

    Affected Products : exodus
    • Published: Aug. 11, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 294836 Results