Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2007-1006

    Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.... Read more

    Affected Products : ekiga
    • EPSS Score: %3.74
    • Published: Feb. 20, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2010-3187

    Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.... Read more

    Affected Products : aix
    • EPSS Score: %79.53
    • Published: Aug. 30, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-5964

    Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code vi... Read more

    Affected Products : portable_sdk_for_upnp
    • EPSS Score: %70.13
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-1636

    Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command... Read more

    Affected Products : groupwise
    • EPSS Score: %68.14
    • Published: May. 26, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-0062

    Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, AC... Read more

    • EPSS Score: %5.40
    • Published: Sep. 21, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-1537

    Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.... Read more

    Affected Products : firefox
    • EPSS Score: %1.51
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2009-4212

    Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly exec... Read more

    Affected Products : kerberos_5 kerberos
    • EPSS Score: %20.91
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-2815

    The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private... Read more

    Affected Products : internet_information_services iis
    • EPSS Score: %56.43
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2003-0522

    Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp.... Read more

    Affected Products : productcart
    • EPSS Score: %0.46
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0528

    Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-200... Read more

    • EPSS Score: %67.37
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2013-2473

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and a... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %27.32
    • Published: Jun. 18, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-3327

    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.... Read more

    • EPSS Score: %4.00
    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2008-2041

    Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.... Read more

    Affected Products : egroupware
    • EPSS Score: %0.53
    • Published: Apr. 30, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-0457

    Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.... Read more

    • EPSS Score: %10.87
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2012-5965

    Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code vi... Read more

    Affected Products : portable_sdk_for_upnp
    • EPSS Score: %69.49
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-2523

    net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers... Read more

    Affected Products : linux_kernel ubuntu_linux
    • EPSS Score: %3.56
    • Published: Mar. 24, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-0294

    Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability."... Read more

    • EPSS Score: %27.21
    • Published: Feb. 12, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-15965

    Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : coldfusion
    • EPSS Score: %40.11
    • Published: Sep. 25, 2018
    • Modified: May. 06, 2025

  • 10.0

    HIGH
    CVE-2017-11293

    An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. An exploitable memory corruption vulnerability exists. Su... Read more

    • EPSS Score: %10.80
    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2019-12928

    The QMP migrate command in QEMU version 4.0.0 and earlier is vulnerable to OS command injection, which allows the remote attacker to achieve code execution, denial of service, or information disclosure by sending a crafted QMP command to the listening ser... Read more

    Affected Products : qemu
    • EPSS Score: %4.84
    • Published: Jun. 24, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291398 Results