Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2011-1302

    Heap-based buffer overflow in the GPU process in Google Chrome before 10.0.648.205 allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : chrome
    • Published: Apr. 15, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1273

    Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, 2008, and 2011 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly vali... Read more

    • Published: Jun. 16, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1272

    Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record s... Read more

    • Published: Jun. 16, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1253

    Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2... Read more

    • Published: Oct. 12, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2011-1214

    Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.... Read more

    Affected Products : lotus_notes
    • Published: May. 31, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2018-6267

    NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privile... Read more

    Affected Products : android
    • Published: Feb. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-0619

    Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability... Read more

    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2018-6271

    NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-801984... Read more

    Affected Products : android
    • Published: Feb. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2011-0105

    Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code v... Read more

    • Published: Apr. 13, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2006-3438

    Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a... Read more

    Affected Products : hyperlink_object_library
    • Published: Aug. 09, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2010-4192

    Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted 3D Assets 0xFFFFFF88 type record that triggers an incorrect memory allocation, a diffe... Read more

    Affected Products : shockwave_player
    • Published: Feb. 10, 2011
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-4088

    dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with "duplicated references to the same KEY* chunk," a different vulnerability than CVE-2010... Read more

    Affected Products : shockwave_player
    • Published: Oct. 29, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-4085

    dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE... Read more

    Affected Products : shockwave_player
    • Published: Oct. 29, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2018-6140

    Allowing the chrome.debugger API to attach to Web UI pages in DevTools in Google Chrome prior to 67.0.3396.62 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension.... Read more

    • Published: Jan. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2010-3826

    WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to ... Read more

    • Published: Nov. 22, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3823

    Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vector... Read more

    • Published: Nov. 22, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3820

    WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processing of editable elements, which allows remote attackers to execute arbitrary code or cause a deni... Read more

    • Published: Nov. 22, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3802

    Integer signedness error in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted panorama atom in a QuickTime Virtual Reality (QTVR) movie file.... Read more

    Affected Products : quicktime
    • Published: Dec. 09, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3747

    An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to e... Read more

    Affected Products : realplayer realplayer_sp
    • Published: Oct. 19, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2010-3652

    Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris, and 10.1.95.1 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) vi... Read more

    • Published: Nov. 07, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 294846 Results