Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2016-2508

    media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 does not validate certain track data, which allows remote attackers to execute arbitrary c... Read more

    Affected Products : android
    • Published: Jul. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2016-2450

    codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 does not validate OMX buffer sizes, which allows attackers to gain privileges via a crafted a... Read more

    Affected Products : android
    • Published: May. 09, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2019-15287

    Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient vali... Read more

    • Published: Sep. 23, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-1430

    A remote code execution vulnerability exists when Windows Media Foundation improperly parses specially crafted QuickTime media files.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'Microsof... Read more

    Affected Products : windows_10 windows_server_2016
    • Published: Nov. 12, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-2412

    include/core/SkPostConfig.h in Skia, as used in System_server in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01, mishandles certain crashes, which allows attackers to gain privileges via a crafted application, ... Read more

    Affected Products : android
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2015-3879

    Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325.... Read more

    Affected Products : android
    • Published: Oct. 06, 2015
    • Modified: Apr. 12, 2025

  • 9.3

    HIGH
    CVE-2019-11582

    An argument injection vulnerability in Atlassian Sourcetree for Windows's URI handlers, in all versions prior to 3.1.3, allows remote attackers to gain remote code execution through the use of a crafted URI.... Read more

    Affected Products : sourcetree
    • Published: Jun. 14, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-0724

    An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka 'Microsoft Exchange Server Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0686.... Read more

    Affected Products : exchange_server
    • Published: Mar. 05, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2019-0546

    A remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio.... Read more

    Affected Products : visual_studio_2017 visual_studio
    • Published: Jan. 08, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-9536

    In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android... Read more

    Affected Products : android
    • Published: Nov. 14, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8587

    A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outloo... Read more

    Affected Products : office office_365_proplus outlook
    • Published: Dec. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8376

    A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability." This affects Microsoft PowerPoint.... Read more

    Affected Products : powerpoint
    • Published: Aug. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8312

    A remote code execution vulnerability exists when Microsoft Access fails to properly handle objects in memory, aka "Microsoft Access Remote Code Execution Vulnerability." This affects Microsoft Access, Microsoft Office.... Read more

    Affected Products : office access
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8281

    A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft PowerPoint V... Read more

    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-8238

    A security feature bypass vulnerability exists when Skype for Business or Lync do not properly parse UNC path links shared via messages, aka "Skype for Business and Lync Security Feature Bypass Vulnerability." This affects Skype, Microsoft Lync.... Read more

    Affected Products : lync skype_for_business skype
    • Published: Jul. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-5925

    A security vulnerability has been identified with certain HP Inkjet printers. A maliciously crafted file sent to an affected device can cause a static buffer overflow, which could allow remote code execution.... Read more

    • Published: Aug. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-4424

    A buffer overflow was addressed with improved size validation. This issue affected versions prior to macOS Mojave 10.14.1.... Read more

    Affected Products : mac_os_x
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2004-0259

    The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS)... Read more

    Affected Products : formmail.php
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 9.3

    HIGH
    CVE-2018-4327

    A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 11.4.1.... Read more

    Affected Products : iphone_os
    • Published: Apr. 03, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2018-4236

    An issue was discovered in certain Apple products. macOS before 10.13.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via ... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jun. 08, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 294846 Results