Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2007-0025

    The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memor...

    • Published: Feb. 13, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-0024

    Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web p...

    • Published: Jan. 09, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2006-6676

    Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow.

    Affected Products : nod32_antivirus nod32_antivirus
    • Published: Dec. 21, 2006
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2006-6603

    Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information.

    Affected Products : messenger
    • Published: Dec. 15, 2006
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2006-6561

    Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a differ...

    Affected Products : office word word_viewer works
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025
  • 9.3

    CRITICAL
    CVE-2018-11284

    Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 6...

    • Published: Jan. 18, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2006-6236

    Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in a...

    Affected Products : acrobat_reader
    • Published: Dec. 03, 2006
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2006-5567

    Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before 5.31 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) ultravox-max-msg header to the Ultravox protocol handler or (2) unspecified Lyrics3 tags.

    Affected Products : winamp
    • Published: Oct. 27, 2006
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2006-5176

    Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages".

    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2006-3977

    Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components."

    • Published: Aug. 04, 2006
    • Modified: Apr. 03, 2025
  • 9.3

    HIGH
    CVE-2006-3448

    Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or ...

    Affected Products : step-by-step_interactive_training
    • Published: Feb. 13, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2006-3435

    PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers ...

    Affected Products : office
    • Published: Oct. 10, 2006
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2006-3423

    WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cau...

    • Published: Jul. 07, 2006
    • Modified: Apr. 03, 2025
  • 9.3

    HIGH
    CVE-2006-2273

    The InstallProduct routine in the Verisign VUpdater.Install (aka i-Nav) ActiveX control does not verify Microsoft Cabinet (.CAB) files, which allows remote attackers to run an arbitrary executable file.

    Affected Products : i-nav
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025
  • 9.3

    HIGH
    CVE-2006-1359

    Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.

    Affected Products : internet_explorer ie
    • Published: Mar. 23, 2006
    • Modified: Apr. 03, 2025
  • 9.3

    HIGH
    CVE-2006-1306

    Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."

    Affected Products : excel_viewer excel
    • Published: Jul. 13, 2006
    • Modified: Apr. 03, 2025
  • 9.3

    HIGH
    CVE-2018-10897

    A directory traversal issue was found in reposync, a part of yum-utils, where reposync fails to sanitize paths in remote repository configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination direct...

    • Published: Aug. 01, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2018-10895

    qutebrowser before version 1.4.1 is vulnerable to a cross-site request forgery flaw that allows websites to access 'qute://*' URLs. A malicious website could exploit this to load a 'qute://settings/set' URL, which then sets 'editor.command' to a bash scri...

    Affected Products : qutebrowser
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2006-0020

    An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code vi...

    • Published: Jan. 10, 2006
    • Modified: Apr. 03, 2025
  • 9.3

    HIGH
    CVE-2006-0007

    Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is ...

    Affected Products : office
    • Published: Jul. 11, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 294858 Results