Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2007-6521

    Unspecified vulnerability in Opera before 9.25 allows remote attackers to execute arbitrary code via crafted TLS certificates.... Read more

    Affected Products : opera_browser
    • Published: Dec. 24, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2013-5329

    Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow a... Read more

    • Published: Nov. 13, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-4860

    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883.... Read more

    Affected Products : jdk jre
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2011-3660

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly ... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Dec. 21, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3651

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.... Read more

    Affected Products : firefox thunderbird
    • Published: Nov. 09, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-19142

    iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.... Read more

    Affected Products : icms
    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-3654

    The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or... Read more

    Affected Products : firefox thunderbird
    • Published: Nov. 09, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2008-3616

    Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted i... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Sep. 16, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-3522

    Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.... Read more

    Affected Products : jasper enterprise_virtualization
    • Published: Oct. 02, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-0410

    Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415,... Read more

    Affected Products : jdk jre
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-18758

    An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code.... Read more

    Affected Products : mac1100_plc_firmware mac1100_plc
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-3499

    Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary mem... Read more

    Affected Products : movicon movicon_powerhmi
    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-2414

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ... Read more

    Affected Products : jdk jre javafx
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3521

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confident... Read more

    Affected Products : jre jdk
    • Published: Oct. 19, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3496

    service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.... Read more

    Affected Products : scadapro scadapro_server
    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-2900

    Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : chrome
    • Published: Jul. 28, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3493

    Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) regis... Read more

    Affected Products : cogent_datahub
    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3491

    Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative Content-Length field.... Read more

    Affected Products : movicon movicon_powerhmi
    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3478

    The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute a... Read more

    Affected Products : pcanywhere
    • Published: Jan. 25, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3495

    Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.... Read more

    Affected Products : scadapro scadapro_server
    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 292770 Results