Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2006-6261

    Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a)... Read more

    • Published: Dec. 04, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-6258

    The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack.... Read more

    Affected Products : alternc
    • Published: Dec. 04, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-23016

    FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.... Read more

    Affected Products : fcgi
    • Published: Jan. 10, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    HIGH
    CVE-2018-4920

    Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.... Read more

    • Published: May. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-4456

    A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14.... Read more

    Affected Products : mac_os_x
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-5859

    Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.... Read more

    Affected Products : mac_os_x safari
    • Published: Dec. 19, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-4344

    A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Actively Exploited
    • Published: Apr. 03, 2019
    • Modified: Feb. 28, 2025

  • 9.3

    HIGH
    CVE-2018-4336

    A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-4243

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlis... Read more

    Affected Products : mac_os_x iphone_os watchos apple_tv
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-45133

    Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution ... Read more

    • Published: Oct. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2006-6027

    Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.... Read more

    Affected Products : acrobat_reader
    • Published: Nov. 21, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-17953

    A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).... Read more

    Affected Products : leap linux_enterprise linux-pam
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2006-5868

    Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.... Read more

    Affected Products : ubuntu_linux debian_linux imagemagick
    • Published: Nov. 22, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-16046

    Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have a... Read more

    • Published: Jan. 18, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2006-5820

    The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.... Read more

    Affected Products : aol
    • Published: Apr. 02, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-15930

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Oct. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-12846

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Oct. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-12841

    Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a double free vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Oct. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-5849

    Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.... Read more

    Affected Products : mac_os_x cups
    • Published: Dec. 19, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-0866

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripti... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294798 Results