Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2019-5414

    If an attacker can control the port, which in itself is a very sensitive value, they can inject arbitrary OS commands due to the usage of the exec function in a third-party module kill-port < 1.3.2.... Read more

    Affected Products : kill-port
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-3879

    The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open me... Read more

    Affected Products : ultra_office_control
    • Published: Sep. 02, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-8464

    An remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge PDF Remote Code Execution Vulnerability." This affects Microsoft Edge.... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Sep. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2014-2778

    Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a (1) .doc or (2) .docx document, aka "Embedded Font Vulnerability."... Read more

    Affected Products : word office_compatibility_pack
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2019-5287

    P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root pe... Read more

    Affected Products : p30_firmware p30
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-5241

    There is a privilege escalation vulnerability in Huawei PCManager versions earlier than PCManager 9.0.1.50. The attacker can tricking a user to install and run a malicious application to exploit this vulnerability. Successful exploitation may cause the at... Read more

    Affected Products : pcmanager
    • Published: Jun. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-5288

    P30 smart phones with versions earlier than ELLE-AL00B 9.1.0.193(C00E190R2P1) have an integer overflow vulnerability due to insufficient check on specific parameters. An attacker tricks the user into installing a malicious application, obtains the root pe... Read more

    Affected Products : p30_firmware p30
    • Published: Nov. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-4561

    IBM Security Identity Manager 6.0.0 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulner... Read more

    Affected Products : security_identity_manager
    • Published: Nov. 20, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-3855

    An integer overflow flaw which could lead to an out of bounds write was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises a SSH server may be able to execute code on the client system when a ... Read more

    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-3462

    Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.... Read more

    • Published: Jan. 28, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2019-3020

    Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 15.1.0-15.2.18, 16.1.0-16.2.18, 17.1.0-17.12.14 and 18.1.0-18.8.11. ... Read more

    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-3732

    Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file, which triggers a heap-based buffer ... Read more

    Affected Products : vlc_media_player
    • Published: Aug. 20, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-2846

    Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted SIS archive, resulting from an "integer cast around."... Read more

    Affected Products : avast\!_antivirus avast\!_antivirus
    • Published: May. 24, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2019-2702

    Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: Web Service). The supported version that is affected is 8.0.80. Easily exploitable vulnerability allows unauthenticated attac... Read more

    • Published: Apr. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-10696

    A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTP(s) server and then write files to the user's system anywhere that the user has p... Read more

    • Published: Mar. 31, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-3702

    Multiple stack-based buffer overflows in the Animation GIF ActiveX control in JComSoft AniGIF.ocx 1.12 and 2.47, as used in products such as SpeedBit Download Accelerator Plus (DAP) 8.6, allow remote attackers to execute arbitrary code via a long argument... Read more

    Affected Products : download_accelerator_plus anigif
    • Published: Aug. 15, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2011-2016

    Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current w... Read more

    • Published: Nov. 08, 2011
    • Modified: Jun. 04, 2025

  • 9.3

    HIGH
    CVE-2008-4264

    Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML ... Read more

    • Published: Dec. 10, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-3648

    nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.... Read more

    Affected Products : windows_xp
    • Published: Aug. 12, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-3635

    Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an unspecified third-party Indeo v3.2 (aka IV32) codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, allows remote attackers to execute arbitrary code or cause a denial... Read more

    • Published: Sep. 11, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 294704 Results