Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2015-8446

    Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before ... Read more

    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8442

    Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.... Read more

    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8437

    Use-after-free vulnerability in the Selection object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.... Read more

    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-8049

    Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.... Read more

    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-7661

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.... Read more

    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-7659

    Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allow attackers to execute a... Read more

    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-7645

    Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF file, as exploited in the wild in October 2015.... Read more

    • Actively Exploited
    • Published: Oct. 15, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-7055

    AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app.... Read more

    Affected Products : iphone_os tvos
    • Published: Dec. 11, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6280

    The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement... Read more

    Affected Products : ios_xe ios
    • Published: Sep. 28, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6154

    Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vuln... Read more

    Affected Products : edge internet_explorer
    • Published: Dec. 09, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6136

    The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vuln... Read more

    Affected Products : internet_explorer vbscript jscript
    • Published: Dec. 09, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-6038

    Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allow re... Read more

    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2019-12177

    Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking.... Read more

    Affected Products : viveport
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2015-4736

    Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.... Read more

    Affected Products : jdk jre
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-4452

    Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript ... Read more

    • Published: Jul. 15, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-3776

    IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.... Read more

    Affected Products : mac_os_x iphone_os
    • Published: Aug. 16, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-3707

    The FireWire driver in IOFireWireFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-3693

    Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a ... Read more

    Affected Products : mac_os_x
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-3683

    The Bluetooth HCI interface implementation in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jul. 03, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2007-5248

    Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a... Read more

    Affected Products : doom_3 quake_4 prey
    • Published: Oct. 06, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 294754 Results