Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2006-1301

    Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.... Read more

    Affected Products : excel_viewer excel
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2006-1309

    Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.... Read more

    Affected Products : excel_viewer excel
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2008-4231

    Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 does not properly handle HTML TABLE elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cr... Read more

    Affected Products : iphone_os safari ipod_touch
    • Published: Nov. 25, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-4217

    Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows remote attackers to execute arbitrary code via the headers in a crafted CPIO archive, leading to a stack-based buffer overflow.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Dec. 17, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-4686

    Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.... Read more

    Affected Products : vlc_media_player
    • Published: Oct. 22, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2012-1949

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possib... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Jul. 18, 2012
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2007-3300

    Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.... Read more

    • Published: Jun. 20, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-1993

    Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2."... Read more

    Affected Products : hp-ux
    • Published: Apr. 12, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3305

    Heap-based buffer overflow in Cerulean Studios Trillian 3.x before 3.1.6.0 allows remote attackers to execute arbitrary code via a message sent through the MSN protocol, or possibly other protocols, with a crafted UTF-8 string, which triggers improper mem... Read more

    Affected Products : trillian
    • Published: Jun. 21, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2020-10255

    Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to... Read more

    • Published: Mar. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-10209

    Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK45x series, AK5xx series, AK65x series, Aria6xx series, Aria7/AK7Xx series and Kami7B allows man-in-the-middle attackers to execute arbitrary commands with ... Read more

    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-4132

    Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne VSFlexGrid 7.0.1.151 and 8.0.20072.239 allows remote attackers to execute arbitrary code via a long first argument to the Archive method. NOTE: the provenance of th... Read more

    Affected Products : vsflexgrid
    • Published: Sep. 19, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2020-10015

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary ... Read more

    Affected Products : macos mac_os_x
    • Published: Apr. 02, 2021
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0992

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, ... Read more

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0997

    <p>A remote code execution vulnerability exists when the Windows Camera Codec Pack improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current u... Read more

    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0988

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, ... Read more

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0994

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, ... Read more

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0961

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.... Read more

    Affected Products : office office_365_proplus
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0991

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0760.... Read more

    Affected Products : office office_365_proplus
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0960

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, ... Read more

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294696 Results