Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2012-4874

    Unspecified vulnerability in the Another WordPress Classifieds Plugin before 2.0 for WordPress has unknown impact and attack vectors related to "image uploads."... Read more

    • Published: Sep. 06, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-2495

    The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP implementation in the Linux kernel before 2.6.34 does not properly validate certain values associated with an interface, which allows attackers to cause a denial of service (NULL pointer der... Read more

    • Published: Sep. 08, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2016-1048

    Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary ... Read more

    • Published: May. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-1050

    Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary ... Read more

    • Published: May. 11, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2012-4711

    Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech KingView 6.52, kingMess.exe 65.20.2003.10400 in KingView 6.53, and kingMess.exe 65.50.2011.18049 in KingView 6.55 allows remote attackers to execute arbitrary code or cause a denial of service... Read more

    Affected Products : kingview
    • Published: Feb. 15, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2022-20700

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more

    • Actively Exploited
    • Published: Feb. 10, 2022
    • Modified: Mar. 13, 2025

  • 10.0

    CRITICAL
    CVE-2022-20709

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization... Read more

    • Published: Feb. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-4786

    The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbi... Read more

    • Published: Dec. 12, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-4298

    In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, a permissions issue existed in Remote Management. This issue was addressed through improved permission validation.... Read more

    Affected Products : mac_os_x iphone_os watchos apple_tv
    • Published: Jan. 11, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-21650

    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary ... Read more

    Affected Products : xwiki
    • Published: Jan. 08, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-20827

    Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more informati... Read more

    • Published: Aug. 10, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-26894

    Windows DNS Server Remote Code Execution Vulnerability... Read more

    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-4707

    3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to execute arbitrary code via vectors that trigger an out-of-bounds memory access.... Read more

    Affected Products : codesys_gateway-server
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-2995

    The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark 0.10.8 through 1.0.14 and 1.2.0 through 1.2.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to sigcomp-udvm.c and... Read more

    Affected Products : wireshark
    • Published: Aug. 13, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-3113

    Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not properly handle SVG documents, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors related to s... Read more

    Affected Products : ubuntu_linux chrome webkitgtk
    • Published: Aug. 24, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2024-21574

    The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pi... Read more

    Affected Products :
    • Published: Dec. 12, 2024
    • Modified: Dec. 12, 2024

  • 10.0

    CRITICAL
    CVE-2024-21577

    ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server.... Read more

    Affected Products :
    • Published: Dec. 13, 2024
    • Modified: Dec. 13, 2024

  • 10.0

    HIGH
    CVE-2012-4333

    Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname p... Read more

    Affected Products : net-i_viewer
    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-4328

    Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through 4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for vBulletin 3.x has unknown impact and attack vectors.... Read more

    • Published: Aug. 14, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3092

    The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.... Read more

    Affected Products : chrome
    • Published: May. 16, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293350 Results