Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2008-0234

    Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions before 7.4.1, when RTSP tunneling is enabled, allows remote attackers to execute arbitrary code via a long Reason-Phrase response to an rtsp:// request, as demonstrated using a 404 erro... Read more

    Affected Products : quicktime
    • Published: Jan. 11, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-2201

    In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User i... Read more

    Affected Products : android ubuntu_linux
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2185

    In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.... Read more

    Affected Products : android
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2186

    In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: And... Read more

    Affected Products : android
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-3621

    VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving H.264 encoded media.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Sep. 16, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-2126

    In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. ... Read more

    Affected Products : android ubuntu_linux fedora leap
    • Published: Aug. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-4855

    The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving... Read more

    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2019-2093

    In huff_dec_1D of nlc_dec.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. V... Read more

    Affected Products : android
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-3625

    Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a QuickTime Virtual Reality (QTVR) movie file with crafted (1) maxTilt, (2) minFieldOfView, ... Read more

    Affected Products : quicktime
    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-2099

    In nfa_rw_store_ndef_rx_buf of nfa_rw_act.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitatio... Read more

    Affected Products : android
    • Published: Jun. 07, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-2018

    In resetPasswordInternal of DevicePolicyManagerService.java, there is a possible bypass of password reset protection due to an unusual root cause. Remote user interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9Android ID... Read more

    Affected Products : android
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-0116

    Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."... Read more

    • Published: Mar. 11, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-2044

    In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interactio... Read more

    Affected Products : android
    • Published: May. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-3615

    ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (applicatio... Read more

    Affected Products : quicktime windows
    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-25071

    A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands ... Read more

    Affected Products : iphone_os
    • Published: Jun. 25, 2022
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-3558

    Stack-based buffer overflow in the WebexUCFObject ActiveX control in atucfobj.dll in Cisco WebEx Meeting Manager before 20.2008.2606.4919 allows remote attackers to execute arbitrary code via a long argument to the NewObject method.... Read more

    Affected Products : webex_meeting_manager
    • Published: Aug. 08, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-3473

    Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive informat... Read more

    • Published: Oct. 15, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-3476

    Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerabili... Read more

    • Published: Oct. 15, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-3460

    WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, ak... Read more

    Affected Products : office works office_converter_pack
    • Published: Aug. 12, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-3480

    Stack-based buffer overflow in the Anzio Web Print Object (WePO) ActiveX control 3.2.19 and 3.2.24, as used in Anzio Print Wizard, allows remote attackers to execute arbitrary code via a long mainurl parameter.... Read more

    Affected Products : print_wizard web_print_object
    • Published: Aug. 29, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 294690 Results