Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2020-29580

    The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password....

    Affected Products: storm_docker_image
    • EPSS Score: 2.07%
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-4866

    Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_D...

    Affected Products: mplayer ffmpeg
    • EPSS Score: 7.43%
    • Published: Nov. 01, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2012-3358

    Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JP...

    Affected Products: openjpeg
    • EPSS Score: 4.46%
    • Published: Jul. 18, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-29581

    The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank pass...

    Affected Products: spiped_alpine_docker_image
    • EPSS Score: 2.07%
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-5010

    in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ...

    Affected Products: solaris opensolaris
    • EPSS Score: 10.10%
    • Published: Nov. 10, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-29557

    An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution....

    • Actively Exploited
    • EPSS Score: 91.69%
    • Published: Jan. 29, 2021
    • Modified: Mar. 14, 2025
  • 10.0

    HIGH
    CVE-2017-6316

    Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISE...

    Affected Products: netscaler_sd-wan
    • Actively Exploited
    • EPSS Score: 88.43%
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2014-2198

    Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a bin...

    • EPSS Score: 2.34%
    • Published: Jul. 07, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2008-5184

    The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel R...

    Affected Products: cups
    • EPSS Score: 0.28%
    • Published: Nov. 21, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-3952

    Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illustrator CS4 14.0.0 allows attackers to execute arbitrary code via unspecified vectors....

    Affected Products: illustrator
    • EPSS Score: 21.93%
    • Published: Jan. 08, 2010
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2012-4212

    Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) ...

    • EPSS Score: 2.16%
    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-4681

    Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.f...

    • Actively Exploited
    • EPSS Score: 94.14%
    • Published: Aug. 28, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2017-3077

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution....

    • EPSS Score: 53.86%
    • Published: Jun. 20, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2014-1905

    Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then acc...

    • EPSS Score: 17.96%
    • Published: Dec. 29, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2018-4918

    Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of th...

    • EPSS Score: 2.04%
    • Published: May 19, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-1849

    Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifyi...

    Affected Products: ip_camera_firmware
    • EPSS Score: 20.85%
    • Published: May 14, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2010-0125

    RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors....

    Affected Products: realplayer mac_os_x realplayer_sp
    • EPSS Score: 0.40%
    • Published: Dec. 14, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2014-1681

    Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researchers or particularly interesting."...

    Affected Products: chrome
    • EPSS Score: 0.32%
    • Published: Jan. 28, 2014
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2014-1704

    Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors....

    Affected Products: chrome v8
    • EPSS Score: 1.49%
    • Published: Mar. 16, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-1554

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 32.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors....

    Affected Products: firefox
    • EPSS Score: 1.01%
    • Published: Sep. 03, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292518 Results