Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2008-4866

    Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay greater than MAX_REORDER_D...

    Affected Products : mplayer ffmpeg
    • EPSS Score: 7.43%
    • Published: Nov. 01, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2012-3358

    Multiple heap-based buffer overflows in the j2k_read_sot function in j2k.c in OpenJPEG 1.5 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted (1) tile number or (2) tile length in a JP...

    Affected Products : openjpeg
    • EPSS Score: 4.46%
    • Published: Jul. 18, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2008-5010

    in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ...

    Affected Products : solaris opensolaris
    • EPSS Score: 10.10%
    • Published: Nov. 10, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2017-6316

    Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote attackers to execute arbitrary shell commands as root via a CGISESSID cookie. On CloudBridge (the former name of NetScaler SD-WAN) devices, the cookie name was CAKEPHP rather than CGISE...

    Affected Products : netscaler_sd-wan
    • Actively Exploited
    • EPSS Score: 88.43%
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2008-5184

    The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel R...

    Affected Products : cups
    • EPSS Score: 0.28%
    • Published: Nov. 21, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-3952

    Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illustrator CS4 14.0.0 allows attackers to execute arbitrary code via unspecified vectors.

    Affected Products : illustrator
    • EPSS Score: 21.93%
    • Published: Jan. 08, 2010
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2012-4212

    Use-after-free vulnerability in the XPCWrappedNative::Mark function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) ...

    • EPSS Score: 2.16%
    • Published: Nov. 21, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-4681

    Multiple vulnerabilities in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allow remote attackers to execute arbitrary code via a crafted applet that bypasses SecurityManager restrictions by (1) using com.sun.beans.f...

    • Actively Exploited
    • EPSS Score: 94.14%
    • Published: Aug. 28, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2017-3077

    Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.

    • EPSS Score: 53.86%
    • Published: Jun. 20, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2018-4918

    Adobe Acrobat and Reader versions 2018.009.20050 and earlier, 2017.011.30070 and earlier, 2015.006.30394 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of th...

    • EPSS Score: 2.04%
    • Published: May 19, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-0125

    RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, and Mac RealPlayer 11.0 through 12.0.0.1444 do not properly parse spectral data in AAC files, which has unspecified impact and remote attack vectors.

    Affected Products : realplayer mac_os_x realplayer_sp
    • EPSS Score: 0.40%
    • Published: Dec. 14, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2018-7241

    Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules.

    • EPSS Score: 0.58%
    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-8421

    A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input, aka ".NET Framework Remote Code Execution Vulnerability." This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framewo...

    • EPSS Score: 30.48%
    • Published: Sep. 13, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-1119

    Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (...

    • EPSS Score: 24.42%
    • Published: Mar. 25, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2017-7826

    Memory safety bugs were reported in Firefox 56 and Firefox ESR 52.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Fir...

    • EPSS Score: 2.51%
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-7895

    The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, ...

    Affected Products : linux_kernel debian_linux
    • EPSS Score: 25.45%
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2009-1094

    Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP serv...

    Affected Products : jre sdk jdk
    • EPSS Score: 6.27%
    • Published: Mar. 25, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2010-0581

    Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."

    Affected Products : ios
    • EPSS Score: 4.10%
    • Published: Mar. 25, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2019-10970

    In Rockwell Automation PanelView 5510 (all versions manufactured before March 13, 2019 that have never been updated to v4.003, v5.002, or later), a remote, unauthenticated threat actor with access to an affected PanelView 5510 Graphic Display, upon succes...

    • EPSS Score: 0.04%
    • Published: Jul. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-0422

    Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then r...

    Affected Products : ubuntu_linux jdk jre opensuse
    • Actively Exploited
    • EPSS Score: 93.68%
    • Published: Jan. 10, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291513 Results