Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2009-4588

    Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or ex... Read more

    • Published: Jan. 07, 2010
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-10529

    Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mo... Read more

    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-3890

    Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Excel Memory Corruption Vulnerability."... Read more

    • Published: Oct. 09, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-3847

    Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code o... Read more

    • Published: Sep. 11, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-0032

    Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan hors... Read more

    • Published: Mar. 09, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-3552

    Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.... Read more

    Affected Products : nitro_pro nitro_reader
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-3128

    The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5,... Read more

    • Published: Oct. 09, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-2298

    Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.... Read more

    Affected Products : boinc boinc boinc_client
    • Published: Jun. 02, 2014
    • Modified: Jul. 08, 2025

  • 9.3

    HIGH
    CVE-2013-2134

    Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.... Read more

    Affected Products : struts
    • Published: Jul. 16, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1960

    Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.... Read more

    Affected Products : libtiff libtiff
    • Published: Jul. 03, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1704

    Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via ... Read more

    Affected Products : firefox seamonkey
    • Published: Aug. 07, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1474

    Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the Februa... Read more

    Affected Products : javafx
    • Published: Feb. 02, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2007-5155

    IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect arguments, which allows user-assisted remote attackers to execute arbitrary code via a long filename in the header of an ACE archive, which triggers a stack-based buffer overflow.... Read more

    Affected Products : iceows
    • Published: Oct. 01, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-1315

    Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute a... Read more

    • Published: Sep. 11, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2016-4902

    Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vist... Read more

    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2013-1010

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than... Read more

    • Published: May. 20, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1000

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than... Read more

    • Published: May. 20, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0999

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than... Read more

    • Published: May. 20, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0989

    Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file.... Read more

    • Published: May. 24, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0984

    Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Jun. 05, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 294740 Results