Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2015-0341

    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability... Read more

    • Published: Mar. 13, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0332

    Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • Published: Mar. 13, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0318

    Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7889

    The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of Sale Windows PCs allow remote attackers to execute arbitrary code via vectors involving OPOSLineDisplay.ocx for Retail RP7 VFD Customer Display monitors, Retail Integrated 2x20 Display mo... Read more

    • Published: Mar. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7187

    Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via deeply nes... Read more

    Affected Products : bash
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-7186

    The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified other impact via crafted use of here document... Read more

    Affected Products : bash
    • Published: Sep. 28, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-6278

    GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as demonstrated by vectors involving the ForceComma... Read more

    Affected Products : bash
    • Published: Sep. 30, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-4495

    The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not enforce the read-only attribute of a shared memory segment during use of a custom cache mode, which allows attackers to bypass intended access restrictions... Read more

    Affected Products : mac_os_x iphone_os tvos
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-4480

    Directory traversal vulnerability in afc in AppleFileConduit in Apple iOS before 8.1.3 and Apple TV before 7.0.3 allows attackers to access unintended filesystem locations by creating a symlink.... Read more

    Affected Products : iphone_os tvos
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2020-9411

    The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerability that theoretically allows an attacker to perform unauthorized network file transfers to and from the file system accessible... Read more

    • Published: Jun. 09, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-3007

    Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might allow remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors related to CVE-2014-1932, possibly JpegImagePlugin.py.... Read more

    Affected Products : pillow python_imaging_library
    • Published: Apr. 27, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6912

    Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.... Read more

    Affected Products : video_station
    • Published: Sep. 11, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-2867

    Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors.... Read more

    Affected Products : commonspot_content_server
    • Published: Apr. 15, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1563

    Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (h... Read more

    • Published: Sep. 03, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1536

    The PropertyProvider::FindJustificationRange function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via unspecified vectors.... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1533

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ... Read more

    Affected Products : firefox firefox_esr
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1236

    Stack-based buffer overflow in the chkNum function in lib/cgraph/scan.l in Graphviz 2.34.0 allows remote attackers to have unspecified impact via vectors related to a "badly formed number" and a "long digit list."... Read more

    Affected Products : graphviz
    • Published: Jan. 10, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-0567

    Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0561.... Read more

    Affected Products : mac_os_x acrobat acrobat_reader windows
    • Published: Sep. 17, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-0587

    Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a differ... Read more

    • Published: Dec. 10, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-6792

    The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, related to midi_manage... Read more

    Affected Products : chrome
    • Published: Dec. 24, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292767 Results