Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2003-0589

    admin.php in Digi-ads 1.1 allows remote attackers to bypass authentication via a cookie with the username set to the name of the administrator, which satisfies an improper condition in admin.php that does not require a correct password.... Read more

    Affected Products : digi-news
    • EPSS Score: %2.56
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2016-4102

    Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary ... Read more

    • EPSS Score: %6.62
    • Published: May. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-3063

    Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a different vulnerability than CVE-2015-3060, CVE-2015-3061, CVE-... Read more

    Affected Products : mac_os_x acrobat acrobat_reader windows
    • EPSS Score: %3.03
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-1481

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vec... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %8.54
    • Published: Feb. 02, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-0760

    The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0761, ... Read more

    Affected Products : shockwave_player
    • EPSS Score: %9.19
    • Published: Feb. 15, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2004-0648

    Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.... Read more

    Affected Products : firefox thunderbird mozilla
    • EPSS Score: %22.51
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2025-1864

    Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in radareorg radare2 allows Overflow Buffers.This issue affects radare2: before <5.9.9.... Read more

    Affected Products : radare2
    • Published: Mar. 03, 2025
    • Modified: Jul. 01, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    CRITICAL
    CVE-2024-5932

    The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.14.1 via deserialization of untrusted input from the 'give_title' parameter. This makes it possible fo... Read more

    Affected Products : givewp
    • Published: Aug. 20, 2024
    • Modified: Aug. 26, 2024

  • 10.0

    HIGH
    CVE-2019-10149

    A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.... Read more

    Affected Products : ubuntu_linux debian_linux exim
    • Actively Exploited
    • EPSS Score: %93.87
    • Published: Jun. 05, 2019
    • Modified: Apr. 01, 2025

  • 10.0

    CRITICAL
    CVE-2017-16845

    hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.... Read more

    Affected Products : ubuntu_linux debian_linux qemu
    • EPSS Score: %2.07
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-0703

    Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers to bypass intended access restrictions by connecting to a... Read more

    • EPSS Score: %0.93
    • Published: Mar. 06, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-2432

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integr... Read more

    Affected Products : jdk jre jre jdk javafx
    • EPSS Score: %5.90
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-1484

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 13 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.... Read more

    Affected Products : jdk jre
    • EPSS Score: %1.47
    • Published: Feb. 20, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-0450

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availab... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %1.82
    • Published: Feb. 02, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-3213

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scripting... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %10.13
    • Published: Feb. 02, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-3136

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerabili... Read more

    Affected Products : jdk jre
    • EPSS Score: %1.03
    • Published: Aug. 30, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-1533

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %66.16
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-0497

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ... Read more

    Affected Products : jre jre
    • EPSS Score: %4.94
    • Published: Feb. 15, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2006-5352

    Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21.... Read more

    Affected Products : apex
    • EPSS Score: %0.96
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2004-0982

    Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.... Read more

    Affected Products : mpg123
    • EPSS Score: %8.23
    • Published: Feb. 09, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291728 Results