Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2020-1496

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If... Read more

    Affected Products : office 365_apps excel
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-1401

    A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1400, CVE-2020-1407.... Read more

    • Published: Jul. 14, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-0209

    Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption... Read more

    Affected Products : office works
    • Published: Feb. 13, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-0068

    IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.... Read more

    Affected Products : lotus_domino
    • Published: Jun. 06, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-0029

    Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."... Read more

    Affected Products : office excel_viewer excel works
    • Published: Jan. 09, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-0033

    Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.... Read more

    Affected Products : office outlook
    • Published: Jan. 09, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2020-1136

    A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1150.... Read more

    • Published: May. 21, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2006-7201

    EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP.... Read more

    Affected Products : rsa_security_sitekey
    • Published: Apr. 30, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2020-1013

    <p>An elevation of privilege vulnerability exists when Microsoft Windows processes group policy updates. An attacker who successfully exploited this vulnerability could potentially escalate permissions or perform additional privileged actions on the targe... Read more

    • Published: Sep. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2006-7185

    PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.... Read more

    Affected Products : cmsmelborp
    • Published: Mar. 30, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2020-0950

    A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0948, CVE-2020-0949.... Read more

    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0807

    A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0809, CVE-2020-0869.... Read more

    • Published: Mar. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2020-0734

    A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0681.... Read more

    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-8830

    An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, w... Read more

    Affected Products : macos mac_os_x iphone_os tvos watchos ipados
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2006-7046

    PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the d... Read more

    Affected Products : clan_manager_pro
    • Published: Feb. 24, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-7061

    Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks.... Read more

    Affected Products : e-dating_system
    • Published: Feb. 24, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-7829

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Success... Read more

    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-7822

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have an out-of-bounds write vulnerability. Success... Read more

    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-7760

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful ex... Read more

    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-7443

    KDE KAuth before 5.55 allows the passing of parameters with arbitrary types to helpers running as root over DBus via DBusHelperProxy.cpp. Certain types can cause crashes, and trigger the decoding of arbitrary images with dynamically loaded plugins. In oth... Read more

    • Published: May. 07, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 294837 Results