Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2008-0728

    The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."... Read more

    Affected Products : clamav
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-0511

    Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.... Read more

    Affected Products : acrobat_reader
    • Published: Mar. 27, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2007-1006

    Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.... Read more

    Affected Products : ekiga
    • Published: Feb. 20, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2010-3187

    Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.... Read more

    Affected Products : aix
    • Published: Aug. 30, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-5964

    Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code vi... Read more

    Affected Products : portable_sdk_for_upnp
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-4151

    The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.... Read more

    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2009-1636

    Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command... Read more

    Affected Products : groupwise
    • Published: May. 26, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-4073

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce... Read more

    Affected Products : .net_framework
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2007-0062

    Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, AC... Read more

    • Published: Sep. 21, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-1537

    Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2009-4212

    Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly exec... Read more

    Affected Products : kerberos_5 kerberos
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-2815

    The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private... Read more

    Affected Products : internet_information_services iis
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-35851

    HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.... Read more

    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2003-0522

    Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp.... Read more

    Affected Products : productcart
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0528

    Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-200... Read more

    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2013-2473

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and a... Read more

    Affected Products : jdk jre jre jdk
    • Published: Jun. 18, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-3327

    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.... Read more

    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2008-2041

    Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.... Read more

    Affected Products : egroupware
    • Published: Apr. 30, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-3984

    Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors.... Read more

    Affected Products : libav
    • Published: Jun. 06, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3914

    Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor... Read more

    Affected Products : rocket_servergraph
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292803 Results