Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2009-1686

    WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle constant (aka const) declarations in a type-conversion operation during JavaScript exception handling, which allows rem... Read more

    Affected Products : safari
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-1564

    Heap-based buffer overflow in vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 Build 246459 on Windows, and the movie decoder in VMware Workstation 6.5.x before 6.5.4 build 246459, VMware Player 2.5.x before 2.5.4 build 246459, and VM... Read more

    • Published: Apr. 12, 2010
    • Modified: Apr. 11, 2025

  • 9.3

    HIGH
    CVE-2009-0955

    Apple QuickTime before 7.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted image description atoms in an Apple video file, related to a "sign extension issue."... Read more

    Affected Products : quicktime
    • Published: Jun. 02, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0927

    Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability th... Read more

    Affected Products : acrobat_reader
    • Actively Exploited
    • Published: Mar. 19, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0889

    Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified ve... Read more

    Affected Products : acrobat acrobat_reader
    • Published: Jun. 11, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2017-7069

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2009-0558

    Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Ind... Read more

    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2009-0006

    Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based ... Read more

    Affected Products : quicktime
    • Published: Jan. 21, 2009
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2006-2306

    Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from th... Read more

    Affected Products : epublisherpro
    • Published: May. 11, 2006
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2008-5359

    Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary ... Read more

    Affected Products : jre sdk jdk
    • Published: Dec. 05, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-5358

    Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.... Read more

    Affected Products : jre jdk
    • Published: Dec. 05, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2017-7024

    An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute... Read more

    Affected Products : itunes iphone_os tvos safari icloud windows
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2008-5110

    syslog-ng does not call chdir when it calls chroot, which might allow attackers to escape the intended jail. NOTE: this is only a vulnerability when a separate vulnerability is present. This flaw affects syslog-ng versions prior to and including 2.0.9.... Read more

    Affected Products : syslog-ng
    • Published: Nov. 17, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-5032

    Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through 0.9.5 might allow user-assisted attackers to execute arbitrary code via the header of an invalid CUE image file, related to modules/access/vcd/cdrom.c. NOTE: this identifier originall... Read more

    Affected Products : vlc_media_player
    • Published: Nov. 10, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-4794

    Opera before 9.62 allows remote attackers to execute arbitrary commands via the History Search results page, a different vulnerability than CVE-2008-4696.... Read more

    Affected Products : opera opera_browser
    • Published: Oct. 30, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-4695

    Opera before 9.60 allows remote attackers to obtain sensitive information and have unspecified other impact by predicting the cache pathname of a cached Java applet and then launching this applet from the cache, leading to applet execution within the loca... Read more

    Affected Products : opera opera_browser
    • Published: Oct. 23, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-5504

    In some circumstances, the Traffic Management Microkernel (TMM) does not properly handle certain malformed Websockets requests/responses, which allows remote attackers to cause a denial-of-service (DoS) or possible remote code execution on the F5 BIG-IP s... Read more

    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2008-3638

    Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from accessing file:// URLs, which allows remote attackers to execute arbitrary programs.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Sep. 26, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2008-3637

    The Hash-based Message Authentication Code (HMAC) provider in Java on Apple Mac OS X 10.4.11, 10.5.4, and 10.5.5 uses an uninitialized variable, which allows remote attackers to execute arbitrary code via a crafted applet, related to an "error checking is... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Sep. 26, 2008
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2017-6989

    An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a priv... Read more

    Affected Products : iphone_os tvos watchos
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294848 Results