Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-4502

    Multiple heap-based buffer overflows in the parse_notify function in sgminer before 4.2.2, cgminer before 4.3.5, and BFGMiner before 4.1.0 allow remote pool servers to have unspecified impact via a (1) large or (2) negative value in the Extranonc2_size pa... Read more

    Affected Products : bfgminer sgminer
    • Published: Jul. 23, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-19282

    Rockwell Automation PowerFlex 525 AC Drives 5.001 and earlier allow remote attackers to cause a denial of service by crashing the Common Industrial Protocol (CIP) network stack. The vulnerability allows the attacker to crash the CIP in a way that it does ... Read more

    • Published: Apr. 04, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2002-1337

    Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.... Read more

    • Published: Mar. 07, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2014-4376

    IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via an application that provides crafted API arguments.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Sep. 19, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-1365

    Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and ... Read more

    • Published: Feb. 12, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-0428

    Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA. NOTE: the previous information is from t... Read more

    Affected Products : jdk jre
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2008-0728

    The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."... Read more

    Affected Products : clamav
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-0511

    Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.... Read more

    Affected Products : acrobat_reader
    • Published: Mar. 27, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2007-1006

    Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.... Read more

    Affected Products : ekiga
    • Published: Feb. 20, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2010-3187

    Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.... Read more

    Affected Products : aix
    • Published: Aug. 30, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-5964

    Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code vi... Read more

    Affected Products : portable_sdk_for_upnp
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-4151

    The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.... Read more

    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2009-1636

    Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command... Read more

    Affected Products : groupwise
    • Published: May. 26, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-4073

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce... Read more

    Affected Products : .net_framework
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2007-0062

    Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, AC... Read more

    • Published: Sep. 21, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-1537

    Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.... Read more

    Affected Products : firefox
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2009-4212

    Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly exec... Read more

    Affected Products : kerberos_5 kerberos
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-2815

    The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private... Read more

    Affected Products : internet_information_services iis
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-35851

    HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.... Read more

    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2003-0522

    Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp.... Read more

    Affected Products : productcart
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025
Showing 20 of 293261 Results