Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2006-2383

    Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, whic... Read more

    Affected Products : internet_explorer
    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2006-2379

    Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.... Read more

    • Published: Jun. 13, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2006-2218

    Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags... Read more

    Affected Products : internet_explorer windows_xp
    • Published: May. 05, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2012-0619

    WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CV... Read more

    Affected Products : itunes iphone_os
    • Published: Mar. 08, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2020-11581

    An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command ... Read more

    • Published: Apr. 06, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-4265

    Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Pars... Read more

    • Published: Dec. 10, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2020-1028

    A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1126, CVE-2020-1136, CVE-2020-1150.... Read more

    • Published: May. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2006-1301

    Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.... Read more

    Affected Products : excel_viewer excel
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2006-1309

    Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.... Read more

    Affected Products : excel_viewer excel
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2008-4231

    Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cr... Read more

    Affected Products : iphone_os safari ipod_touch
    • Published: Nov. 25, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-4217

    Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Dec. 17, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-4686

    Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.... Read more

    Affected Products : vlc_media_player
    • Published: Oct. 22, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2012-1949

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possib... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Jul. 18, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2007-3300

    Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.... Read more

    • Published: Jun. 20, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-1993

    Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2."... Read more

    Affected Products : hp-ux
    • Published: Apr. 12, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3305

    Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper mem... Read more

    Affected Products : trillian
    • Published: Jun. 21, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2020-10255

    Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to... Read more

    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-10209

    Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with ... Read more

    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-4132

    Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne VSFlexGrid 7.0.1.151 and 8.0.20072.239 allows remote attackers to execute arbitrary code via a long first argument to the Archive method. NOTE: the provenance of th... Read more

    Affected Products : vsflexgrid
    • Published: Sep. 19, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2020-10015

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary ... Read more

    Affected Products : macos mac_os_x
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294693 Results