Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2011-3651

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.... Read more

    Affected Products : firefox thunderbird
    • Published: Nov. 09, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-19142

    iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.... Read more

    Affected Products : icms
    • Published: Dec. 10, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-3654

    The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or... Read more

    Affected Products : firefox thunderbird
    • Published: Nov. 09, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2008-3616

    Multiple integer overflows in the SearchKit API in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via vectors associated with "passing untrusted i... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Sep. 16, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-3522

    Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.... Read more

    Affected Products : jasper enterprise_virtualization
    • Published: Oct. 02, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-0410

    Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415,... Read more

    Affected Products : jdk jre
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-18758

    An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to execute arbitrary code.... Read more

    Affected Products : mac1100_plc_firmware mac1100_plc
    • Published: Aug. 13, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-3499

    Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary mem... Read more

    Affected Products : movicon movicon_powerhmi
    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-2414

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ... Read more

    Affected Products : jdk jre javafx
    • Published: Apr. 17, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3521

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confident... Read more

    Affected Products : jre jdk
    • Published: Oct. 19, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3496

    service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.... Read more

    Affected Products : scadapro scadapro_server
    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-2900

    Google Chrome before 5.0.375.125 does not properly handle a large canvas, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : chrome
    • Published: Jul. 28, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3493

    Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) regis... Read more

    Affected Products : cogent_datahub
    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3491

    Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative Content-Length field.... Read more

    Affected Products : movicon movicon_powerhmi
    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3478

    The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute a... Read more

    Affected Products : pcanywhere
    • Published: Jan. 25, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3495

    Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.... Read more

    Affected Products : scadapro scadapro_server
    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2021-1291

    Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. T... Read more

    • Published: Feb. 04, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-3488

    Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout.... Read more

    Affected Products : metastock
    • Published: Sep. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-0315

    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability... Read more

    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2011-3322

    Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) p... Read more

    Affected Products : procyon_scada
    • Published: Sep. 15, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293508 Results