Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2018-5090

    Memory safety bugs were reported in Firefox 57. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 58.... Read more

    Affected Products : firefox ubuntu_linux
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-1158

    The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a ... Read more

    Affected Products : cups
    • Published: Jun. 26, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-1066

    Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Mar. 12, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-6195

    Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-2008.... Read more

    Affected Products : storage_data_protector
    • Published: Jan. 04, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-1541

    Use-after-free vulnerability in the RefreshDriverTimer::TickDriver function in the SMIL Animation Controller in Mozilla Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird before 24.6 allows remote attackers to execute arbitrary code or cau... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2024-32741

    A vulnerability has been identified in SIMATIC CN 4100 (All versions < V3.0). The affected device contains hard coded password which is used for the privileged system user `root` and for the boot loader `GRUB` by default . An attacker who manages to crack... Read more

    • Published: May. 14, 2024
    • Modified: Aug. 26, 2025

  • 10.0

    HIGH
    CVE-2011-4860

    The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier... Read more

    • Published: Dec. 17, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-1764

    Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code and bypass a sandbox protection mechanism by leveraging "object confusion" in a broker process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest ... Read more

    Affected Products : internet_explorer
    • Published: Apr. 27, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0929

    time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response.... Read more

    Affected Products : hvg_video_gateway_firmware hvg400
    • Published: Feb. 03, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0984

    Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O ... Read more

    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0855

    The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path.... Read more

    Affected Products : pitivi
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-0786

    Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : zenworks_configuration_management
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-4487

    Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows attackers to execute arbitrary code in a privileged context via a crafted app.... Read more

    Affected Products : mac_os_x iphone_os tvos
    • Published: Jan. 30, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0850

    The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.... Read more

    Affected Products : fusionforge
    • Published: Jun. 02, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-2830

    Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils before 6.4, as used in pam_cifscreds, allows remote attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : cifs-utils
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2012-0444

    Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruptio... Read more

    • Published: Feb. 01, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-0701

    Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.... Read more

    • Published: May. 07, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-0653

    The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to... Read more

    • Published: Mar. 13, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2011-0080

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allow remote attackers to cause a denial of service (memory corruption and ap... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2020-4429

    IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 contains a default password for an IDRM administrative account. A remote attacker could exploit this vulnerability to login and execute arbitrary code on the system with root privileges. I... Read more

    Affected Products : data_risk_manager
    • Published: May. 07, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293221 Results