Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2007-3611

    admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act par... Read more

    Affected Products : vrnews
    • Published: Jul. 06, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-6255

    Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method.... Read more

    • Published: Apr. 23, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-6243

    Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up to 7.0.70.0 does not sufficiently restrict the interpretation and usage of cross-domain policy files, which makes it easier for remote attackers to conduct cross-domain and cross-site s... Read more

    Affected Products : flash_player
    • Published: Dec. 20, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3512

    Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375.... Read more

    Affected Products : lhaca_file_archiver
    • Published: Jul. 03, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-0675

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2... Read more

    Affected Products : office
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-17173

    Due to insufficient parameters verification GPU driver of Mate 9 Pro Huawei smart phones with the versions before LON-AL00B 8.0.0.356(C00) has an arbitrary memory free vulnerability. An attacker can tricks a user into installing a malicious application on... Read more

    • Published: Jun. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-3435

    Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.... Read more

    Affected Products : barcode_activex
    • Published: Jun. 27, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-0673

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2... Read more

    Affected Products : office office_365_proplus
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-0671

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2... Read more

    Affected Products : office office_365_proplus
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-3360

    hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes sh... Read more

    Affected Products : bitchx
    • Published: Jun. 22, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3302

    The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLL... Read more

    • Published: Jul. 26, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3290

    categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message.... Read more

    Affected Products : livecms
    • Published: Jun. 20, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-0662

    A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0618.... Read more

    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-3400

    The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method.... Read more

    Affected Products : nctaudioeditor nctaudiostudio
    • Published: Jun. 26, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3186

    Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.... Read more

    Affected Products : safari
    • Published: Jun. 12, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3148

    Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.... Read more

    Affected Products : messenger
    • Published: Jun. 11, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3041

    Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Obj... Read more

    Affected Products : internet_explorer
    • Published: Aug. 14, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-2983

    Multiple buffer overflows in the British Telecommunications Consumer webhelper ActiveX control before 2.0.0.8 in btwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : bt_consumer_webhelper
    • Published: Oct. 25, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-2982

    Multiple buffer overflows in the British Telecommunications Business Connect webhelper ActiveX control before 1.0.0.7 in btbconnectwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • Published: Jun. 01, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-2957

    Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer... Read more

    Affected Products : e-business_server
    • Published: Oct. 31, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 294793 Results