Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2007-5820

    Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.... Read more

    Affected Products : ax_developer_cms
    • Published: Nov. 05, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-2389

    Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption relat... Read more

    Affected Products : office
    • Published: Jul. 11, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2007-5894

    The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidenti... Read more

    Affected Products : kerberos_5
    • Published: Dec. 06, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-5814

    Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) cl... Read more

    Affected Products : ssl_vpn
    • Published: Nov. 05, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-15498

    cgi-bin/cmh/webcam.sh in Vera Edge Home Controller 1.7.4452 allows remote unauthenticated users to execute arbitrary OS commands via --output argument injection in the username parameter to /cgi-bin/cmh/webcam.sh.... Read more

    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2006-0323

    Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value ... Read more

    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    CRITICAL
    CVE-2024-42009

    A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail... Read more

    Affected Products : webmail
    • Actively Exploited
    • Published: Aug. 05, 2024
    • Modified: Jun. 11, 2025

  • 9.3

    HIGH
    CVE-2019-15388

    The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13)... Read more

    Affected Products : mega_5_firmware mega_5
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-5709

    Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 allows remote attackers to execute arbitrary code via a long file name in an M3U file.... Read more

    Affected Products : sonicstage_connect_player
    • Published: Oct. 30, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-28752

    A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including ... Read more

    • Published: Mar. 15, 2024
    • Modified: Jun. 27, 2025

  • 9.3

    HIGH
    CVE-2007-5706

    Absolute path traversal vulnerability in download.php in Jeebles Directory 2.9.60 allows remote attackers to read arbitrary files via a full pathname in the query string. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : jeebles_directory
    • Published: Oct. 29, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2016-1759

    The kernel in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Mar. 24, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2019-15312

    An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issue... Read more

    Affected Products : linkplay
    • Published: Jul. 01, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-12420

    When trying to connect to a STUN server, a race condition could have caused a use-after-free of a pointer, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68... Read more

    • Published: Jul. 09, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-15389

    The Haier A6 Android device with a build fingerprint of Haier/A6/A6:8.1.0/O11019/1534219877:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app conta... Read more

    Affected Products : haier_a6_firmware haier_a6
    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-15286

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient vali... Read more

    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-8844

    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. Process... Read more

    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-8814

    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 13.2 and iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0, iCloud for Windows 7.15. Processing maliciously... Read more

    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-15284

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient vali... Read more

    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-8688

    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Proc... Read more

    • Published: Dec. 18, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294733 Results