Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2018-8544

    A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2... Read more

    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8524

    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outloo... Read more

    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8494

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Win... Read more

    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8432

    A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft Office Word V... Read more

    • Published: Oct. 10, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8420

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Win... Read more

    • Published: Sep. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8375

    A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Micros... Read more

    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8332

    A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Wi... Read more

    • Published: Sep. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2006-6282

    members.php in Vikingboard 0.1.2 allows remote attackers to trigger a forced SQL error via an invalid s parameter, a different vector than CVE-2006-4709. NOTE: might only be an exposure if display_errors is enabled, but due to lack of details, even this ... Read more

    Affected Products : vikingboard
    • Published: Dec. 04, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-6261

    Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a)... Read more

    • Published: Dec. 04, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-6258

    The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack.... Read more

    Affected Products : alternc
    • Published: Dec. 04, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-23016

    FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.... Read more

    Affected Products : fcgi
    • Published: Jan. 10, 2025
    • Modified: Apr. 24, 2025
    • Vuln Type: Memory Corruption

  • 9.3

    HIGH
    CVE-2018-4920

    Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.... Read more

    • Published: May. 19, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-4456

    A memory corruption issue was addressed with improved input validation. This issue affected versions prior to macOS High Sierra 10.13.6, macOS Mojave 10.14.... Read more

    Affected Products : mac_os_x
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-5859

    Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.... Read more

    Affected Products : mac_os_x safari
    • Published: Dec. 19, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-4344

    A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Actively Exploited
    • Published: Apr. 03, 2019
    • Modified: Feb. 28, 2025

  • 9.3

    HIGH
    CVE-2018-4336

    A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12, watchOS 5.... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-4243

    An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "Kernel" component. A buffer overflow in getvolattrlis... Read more

    Affected Products : mac_os_x iphone_os watchos apple_tv
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-45133

    Babel is a compiler for writingJavaScript. In `@babel/traverse` prior to versions 7.23.2 and 8.0.0-alpha.4 and all versions of `babel-traverse`, using Babel to compile code that was specifically crafted by an attacker can lead to arbitrary code execution ... Read more

    • Published: Oct. 12, 2023
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2006-6027

    Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.... Read more

    Affected Products : acrobat_reader
    • Published: Nov. 21, 2006
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-17953

    A incorrect variable in a SUSE specific patch for pam_access rule matching in PAM 1.3.0 in openSUSE Leap 15.0 and SUSE Linux Enterprise 15 could lead to pam_access rules not being applied (fail open).... Read more

    Affected Products : leap linux_enterprise linux-pam
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294836 Results