Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-1634

    SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO.... Read more

    Affected Products : advanced_newsletter
    • EPSS Score: %0.10
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-1551

    Use-after-free vulnerability in the FontTableRec destructor in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 on Windows allows remote attackers to execute arbitrary code via crafted use of fonts in MathML content, ... Read more

    Affected Products : firefox firefox_esr thunderbird windows
    • EPSS Score: %4.31
    • Published: Jul. 23, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1545

    Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via vectors involving the sprintf and console functions.... Read more

    Affected Products : netscape_portable_runtime
    • EPSS Score: %3.60
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1534

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 30.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.... Read more

    Affected Products : firefox
    • EPSS Score: %1.91
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1493

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to cause a denial of service (memory corruption and applicat... Read more

    • EPSS Score: %1.47
    • Published: Mar. 19, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1562

    Unspecified vulnerability in the browser engine in Mozilla Firefox before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote attackers to cause a denial of service (memory corruptio... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %1.01
    • Published: Sep. 03, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1550

    Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio c... Read more

    Affected Products : firefox thunderbird
    • EPSS Score: %2.98
    • Published: Jul. 23, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2010-1119

    Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (... Read more

    • EPSS Score: %24.42
    • Published: Mar. 25, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-1528

    The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by pain... Read more

    • EPSS Score: %1.12
    • Published: Apr. 30, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1486

    Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecifi... Read more

    • EPSS Score: %10.82
    • Published: Feb. 06, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-1373

    Intel Graphics Driver in Apple OS X before 10.9.4 does not properly restrict an unspecified OpenGL API call, which allows attackers to execute arbitrary code via a crafted application.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %1.48
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-28902

    Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root in cmd_subsys.php.... Read more

    Affected Products : fusion
    • EPSS Score: %2.74
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-1094

    Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP serv... Read more

    Affected Products : jre sdk jdk
    • EPSS Score: %6.27
    • Published: Mar. 25, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-1356

    Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that sends IPC messages.... Read more

    Affected Products : mac_os_x iphone_os tvos
    • EPSS Score: %3.25
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2010-0581

    Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."... Read more

    Affected Products : ios
    • EPSS Score: %4.10
    • Published: Mar. 25, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-28900

    Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.... Read more

    Affected Products : nagios_xi fusion
    • EPSS Score: %0.47
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-10970

    In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon succes... Read more

    • EPSS Score: %0.04
    • Published: Jul. 11, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-1358

    Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application.... Read more

    Affected Products : mac_os_x iphone_os tvos
    • EPSS Score: %3.18
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1381

    Thunderbolt in Apple OS X before 10.9.4 does not properly restrict IOThunderBoltController API calls, which allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application crash) via a crafted call.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %1.33
    • Published: Jul. 01, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-1314

    WindowServer in Apple OS X through 10.9.2 does not prevent session creation by a sandboxed application, which allows attackers to bypass the sandbox protection mechanism and execute arbitrary code via a crafted application.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.29
    • Published: Apr. 23, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292508 Results