Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2013-3847

    Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code o... Read more

    • Published: Sep. 11, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-0032

    Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan hors... Read more

    • Published: Mar. 09, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-3552

    Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.... Read more

    Affected Products : nitro_pro nitro_reader
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2013-3128

    The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5,... Read more

    • Published: Oct. 09, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-2298

    Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler.... Read more

    Affected Products : boinc boinc boinc_client
    • Published: Jun. 02, 2014
    • Modified: Jul. 08, 2025

  • 9.3

    HIGH
    CVE-2013-2134

    Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.... Read more

    Affected Products : struts
    • Published: Jul. 16, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1960

    Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file.... Read more

    Affected Products : libtiff libtiff
    • Published: Jul. 03, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1704

    Use-after-free vulnerability in the nsINode::GetParentNode function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via ... Read more

    Affected Products : firefox seamonkey
    • Published: Aug. 07, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1474

    Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than other CVEs listed in the Februa... Read more

    Affected Products : javafx
    • Published: Feb. 02, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2007-5155

    IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect arguments, which allows user-assisted remote attackers to execute arbitrary code via a long filename in the header of an ACE archive, which triggers a stack-based buffer overflow.... Read more

    Affected Products : iceows
    • Published: Oct. 01, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2013-1315

    Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute a... Read more

    • Published: Sep. 11, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2016-4902

    Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vist... Read more

    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2013-1010

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than... Read more

    • Published: May. 20, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-1000

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than... Read more

    • Published: May. 20, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0999

    WebKit, as used in Apple iTunes before 11.0.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than... Read more

    • Published: May. 20, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0989

    Buffer overflow in Apple QuickTime before 7.7.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP3 file.... Read more

    • Published: May. 24, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0984

    Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Jun. 05, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0868

    libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases."... Read more

    Affected Products : ffmpeg
    • Published: Nov. 23, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0851

    The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Electronic Arts Madcow video data, which triggers an out-of-bounds array access.... Read more

    Affected Products : ffmpeg
    • Published: Dec. 07, 2013
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2013-0784

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before 2.16 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execu... Read more

    • Published: Feb. 19, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 294826 Results