Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2023-28100

    Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Versions prior to 1.10.8, 1.12.8, 1.14.4, and 1.15.4 contain a vulnerability similar to CVE-2017-5226, but using the `TIOCLINUX` ioctl command instead of ... Read more

    Affected Products : flatpak
    • Published: Mar. 16, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-1350

    A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.... Read more

    • Actively Exploited
    • Published: Jul. 14, 2020
    • Modified: Apr. 08, 2025

  • 10.0

    HIGH
    CVE-2011-5254

    Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors.... Read more

    Affected Products : wordpress connections
    • Published: Jan. 12, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-5096

    Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary c... Read more

    Affected Products : aura_application_server_5300
    • Published: Jul. 03, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-5059

    Stack-based buffer overflow in Final Draft 8 before 8.02 allows remote attackers to execute arbitrary code via a crafted SmartType element, a different vulnerability than CVE-2011-5002. NOTE: the provenance of this information is unknown; the details are... Read more

    Affected Products : finaldraft
    • Published: Jan. 10, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2007-5325

    Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, allow remote attackers to execute arbitrary code via unspecified vectors.... Read more

    • Published: Oct. 13, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2011-5010

    apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.... Read more

    Affected Products : skyrouter
    • Published: Dec. 25, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-5003

    Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659.... Read more

    Affected Products : media_composer
    • Published: Dec. 25, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-5002

    Multiple stack-based buffer overflows in Final Draft 8 before 8.02 allow remote attackers to execute arbitrary code via a .fdx or .fdxt file with long (1) Word, (2) Transition, (3) Location, (4) Extension, (5) SceneIntro, (6) TimeOfDay, and (7) Character ... Read more

    Affected Products : finaldraft
    • Published: Dec. 25, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-6026

    The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify setti... Read more

    • Published: Oct. 19, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2024-1709

    ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. ... Read more

    Affected Products : screenconnect
    • Actively Exploited
    • Published: Feb. 21, 2024
    • Modified: Jan. 27, 2025

  • 10.0

    HIGH
    CVE-2011-4857

    Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party informat... Read more

    Affected Products : winamp
    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-5553

    Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a de... Read more

    • Published: Aug. 14, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-5561

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to exe... Read more

    • Published: Aug. 14, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-5565

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to exe... Read more

    • Published: Aug. 14, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2011-4762

    Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/app/top-categories-data/ and ce... Read more

    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-4749

    The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation,... Read more

    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-4752

    SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files... Read more

    Affected Products : smarterstats
    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-28960

    Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file product_list.php via the id and cid parameters.... Read more

    Affected Products : chichen_tech_cms
    • Published: Oct. 22, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-4719

    Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.63 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.... Read more

    • Published: Dec. 09, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293335 Results