Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2009-2662

    The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/sr... Read more

    Affected Products : firefox
    • Published: Aug. 04, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2011-1018

    logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.... Read more

    Affected Products : logwatch
    • Published: Feb. 25, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-2694

    The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corr... Read more

    Affected Products : pidgin adium
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-29575

    The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root... Read more

    Affected Products : elixir_alpine_docker_image
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-29580

    The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.... Read more

    Affected Products : storm_docker_image
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-4866

    Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_D... Read more

    Affected Products : mplayer ffmpeg
    • Published: Nov. 01, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2012-3358

    Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JP... Read more

    Affected Products : openjpeg
    • Published: Jul. 18, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-29581

    The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank pass... Read more

    Affected Products : spiped_alpine_docker_image
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-5010

    in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ... Read more

    Affected Products : solaris opensolaris
    • Published: Nov. 10, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-29557

    An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.... Read more

    • Actively Exploited
    • Published: Jan. 29, 2021
    • Modified: Mar. 14, 2025

  • 10.0

    HIGH
    CVE-2017-6316

    Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISE... Read more

    Affected Products : netscaler_sd-wan
    • Actively Exploited
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-2198

    Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the support and root accounts by extracting this key from a bin... Read more

    • Published: Jul. 07, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2008-5184

    The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel R... Read more

    Affected Products : cups
    • Published: Nov. 21, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-3952

    Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illustrator CS4 14.0.0 allows attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : illustrator
    • Published: Jan. 08, 2010
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2012-4212

    Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) ... Read more

    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-4681

    Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.f... Read more

    • Actively Exploited
    • Published: Aug. 28, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-3077

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Jun. 20, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-1905

    Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a double extension, and then acc... Read more

    • Published: Dec. 29, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-4918

    Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of th... Read more

    • Published: May. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-1849

    Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijack arbitrary cameras and conduct other attacks by modifyi... Read more

    Affected Products : ip_camera_firmware
    • Published: May. 14, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292803 Results