Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2010-1223

    Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote attackers to execute arbitrary code via (1) a malformed request to the ws_man/xosoapapi.asmx SOAP endpoint or (2) a long string to the entry_point.aspx service.... Read more

    • Published: Apr. 07, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-1120

    Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.... Read more

    Affected Products : mac_os_x safari
    • Published: Mar. 25, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-1121

    Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving i... Read more

    Affected Products : firefox
    • Published: Mar. 25, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-1118

    Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at... Read more

    Affected Products : windows_7 internet_explorer
    • Published: Mar. 25, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-0998

    Multiple stack-based buffer overflows in Free Download Manager (FDM) before 3.0.852 allow remote attackers to execute arbitrary code via vectors involving (1) the folders feature in Site Explorer, (2) the websites feature in Site Explorer, (3) an FTP URI,... Read more

    Affected Products : free_download_manager
    • Published: May. 17, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-0990

    Stack-based buffer overflow in Creative Software AutoUpdate Engine ActiveX Control 2.0.12.0, as used in Creative Software AutoUpdate 1.40.01, allows remote attackers to execute arbitrary code via vectors related to the BrowseFolder method.... Read more

    • Published: Jun. 15, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2007-6048

    IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.... Read more

    • Published: Nov. 20, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2010-0898

    Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.... Read more

    Affected Products : secure_backup
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-0873

    Unspecified vulnerability in the Data Server component in Oracle TimesTen In-Memory Database 7.0.6.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.... Read more

    Affected Products : timesten_in-memory_database
    • Published: Jul. 13, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-14343

    A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the l... Read more

    • Published: Feb. 09, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-1972

    Use-after-free vulnerability in the nsHTMLEditor::CollapseAdjacentTextNodes function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attac... Read more

    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-4859

    The Schneider Electric Quantum Ethernet Module, as used in the Quantum 140NOE771* and 140CPU65* modules, the Premium TSXETY* and TSXP57* modules, the M340 BMXNOE01* and BMXP3420* modules, and the STB DIO STBNIC2212 and STBNIP2* modules, uses hardcoded pas... Read more

    • Published: Dec. 17, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-4789

    Stack-based buffer overflow in magentservice.exe in the server in HP LoadRunner 11.00 before patch 4 allows remote attackers to execute arbitrary code via a crafted size value in a packet. NOTE: it was originally reported that the affected product is HP ... Read more

    Affected Products : diagnostics
    • Published: Jan. 13, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2024-11639

    An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access... Read more

    Affected Products : cloud_services_appliance
    • Published: Dec. 10, 2024
    • Modified: Jan. 17, 2025

  • 10.0

    HIGH
    CVE-2010-0689

    The ExecuteExe method in the DVBSExeCall Control ActiveX control 1.0.0.1 in DVBSExeCall.ocx in DATEV Base System (aka Grundpaket Basis) allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : base_system
    • Published: Feb. 26, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-4761

    Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving domains/sitebuilder_ed... Read more

    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-0646

    Multiple integer signedness errors in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays.... Read more

    Affected Products : chrome
    • Published: Feb. 18, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-0600

    Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before 2.2.1.dev.1, and 3.0 before 3.0.9.release.1 on the Cisco Network Building Mediator NBM-2400 and NBM-4800 and the Richards-Zeta Mediator 2500 does not properly restrict network access to ... Read more

    • Published: May. 27, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2007-3911

    Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka scheduler client) and (2) srvscheduler.exe (aka scheduler server) in BakBone NetVault Reporter 3.5 before Update4 allow remote attackers to execute arbitrary code via long filename argument... Read more

    Affected Products : netvault_reporter
    • Published: Jul. 30, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-14260

    HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system.... Read more

    Affected Products : domino
    • Published: Dec. 02, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 293249 Results