Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2012-6068

    The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener ... Read more

    Affected Products : codesys_runtime_system
    • Published: Jan. 21, 2013
    • Modified: Jul. 02, 2025

  • 10.0

    HIGH
    CVE-2018-12798

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.... Read more

    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-6067

    freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.... Read more

    Affected Products : freeftpd
    • Published: Dec. 04, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-5973

    CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : xcom_data_transport
    • Published: Dec. 10, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2024-23109

    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 throu... Read more

    Affected Products : fortisiem
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-5962

    Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code vi... Read more

    Affected Products : portable_sdk_for_upnp
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-5963

    Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code vi... Read more

    Affected Products : portable_sdk_for_upnp
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2020-2021

    When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-... Read more

    Affected Products : pan-os
    • Actively Exploited
    • Published: Jun. 29, 2020
    • Modified: Feb. 07, 2025

  • 10.0

    HIGH
    CVE-2012-5932

    Eval injection vulnerability in the ldapagnt_eval function in ldapagnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote attackers to execute arbitrary Perl code via a crafted application/x-amf request.... Read more

    • Published: Dec. 24, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-5959

    Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) before 1.6.18 allows remote attackers to execute arbitrary... Read more

    Affected Products : portable_sdk_for_upnp
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-3958

    Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attac... Read more

    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-3959

    Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.... Read more

    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2015-7639

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.... Read more

    • Published: Oct. 18, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2012-5896

    The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, relat... Read more

    Affected Products : intrust
    • Published: Nov. 17, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-5895

    Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown impact and attack vectors.... Read more

    Affected Products : irods
    • Published: Nov. 17, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-5878

    Bulb Security Smartphone Pentest Framework (SPF) 0.1.2 through 0.1.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostingPath parameter to (1) SEAttack.pl or (2) CSAttack.pl in frameworkgui/ or the (3) appURLPath p... Read more

    Affected Products : smartphone_pentest_framework
    • Published: Jan. 03, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-16459

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have an use after free vulnerability. Successful exploitation could ... Read more

    • Published: Dec. 19, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-4093

    Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service... Read more

    • Published: May. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-4257

    Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4256, CVE-2016-4258, CVE-2016-4259, CVE-2016-4260, CVE-2016-42... Read more

    Affected Products : digital_editions
    • Published: Sep. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2012-5677

    Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and... Read more

    • Published: Dec. 12, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293329 Results