Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2019-0787

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0788, CVE-2019-1290, CVE-201... Read more

    • Published: Sep. 11, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-0853

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.... Read more

    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-0772

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0667.... Read more

    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-0894

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0889, CVE-2019-0890, CVE-2019-0891, ... Read more

    • Published: May. 16, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-50255

    Deepin-Compressor is the default archive manager of Deepin Linux OS. Prior to 5.12.21, there's a path traversal vulnerability in deepin-compressor that can be exploited to achieve Remote Command Execution on the target system upon opening crafted archives... Read more

    Affected Products : deepin-compressor
    • Published: Dec. 27, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-5045

    Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XML ele... Read more

    Affected Products : firefox quicktime
    • Published: Sep. 24, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-5004

    Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password.... Read more

    • Published: Oct. 01, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2010-20122

    Xftp FTP Client version up to and including 3.0 (build 0238) contain a stack-based buffer overflow vulnerability triggered by a maliciously crafted PWD response from an FTP server. When the client connects to a server and receives an overly long directory... Read more

    Affected Products :
    • Published: Aug. 21, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    HIGH
    CVE-2019-0765

    A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory, aka 'Comctl32 Remote Code Execution Vulnerability'.... Read more

    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-4962

    Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged for code execution... Read more

    Affected Products : winimage
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-55746

    Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents (with... Read more

    Affected Products : directus
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    HIGH
    CVE-2019-0756

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.... Read more

    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-4943

    Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-48... Read more

    Affected Products : storm
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4909

    Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL... Read more

    Affected Products : winscp
    • Published: Sep. 17, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-27493

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface.... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2007-4842

    Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writ... Read more

    Affected Products : magellan_explorer
    • Published: Sep. 12, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-0748

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.... Read more

    Affected Products : office
    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-4776

    Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there a... Read more

    Affected Products : visual_basic
    • Published: Sep. 10, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4740

    The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method.... Read more

    Affected Products : alice_messenger
    • Published: Sep. 06, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4735

    Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.... Read more

    Affected Products : virtual_dj_\(vdj\)
    • Published: Sep. 06, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 294836 Results