Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2009-2935

    Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript.... Read more

    Affected Products : chrome
    • Published: Aug. 27, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2753

    Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow rem... Read more

    Affected Products : informix_dynamic_server
    • Published: Mar. 05, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-2754

    Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Leg... Read more

    • Published: Mar. 05, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-2741

    Unspecified vulnerability in the wberuntimeear application in the test servlet in IBM WebSphere Business Events 6.1 and 6.2 allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : websphere_business_events
    • Published: Sep. 18, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2667

    Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability."... Read more

    Affected Products : tklm
    • Published: Aug. 05, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2675

    Integer overflow in the unpack200 utility in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows context-dependent attackers to gain privileges via unspecified length fields in the header of a... Read more

    Affected Products : jre jdk
    • Published: Aug. 05, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2505

    The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitr... Read more

    Affected Products : windows_server_2008 windows_vista
    • Published: Dec. 09, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2011-4369

    Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x thro... Read more

    • Published: Dec. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-2468

    Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long ... Read more

    Affected Products : firefox
    • Published: Jul. 22, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2462

    The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronou... Read more

    Affected Products : firefox thunderbird
    • Published: Jul. 22, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2464

    The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrar... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Jul. 22, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2317

    The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access.... Read more

    Affected Products : mv_410r
    • Published: Jul. 05, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2300

    The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause ... Read more

    Affected Products : airlock_web_application_firewall
    • Published: Jul. 02, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2227

    Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.... Read more

    Affected Products : bopup_communication_server
    • Published: Jun. 26, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2271

    The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers... Read more

    Affected Products : d100
    • Published: Jul. 01, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2296

    The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.... Read more

    Affected Products : solaris opensolaris
    • Published: Jul. 02, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2193

    Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • Published: Aug. 06, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2204

    Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrate... Read more

    Affected Products : iphone_os
    • Published: Aug. 03, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2030

    Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH."... Read more

    Affected Products : jdk os\/400
    • Published: Jun. 11, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2038

    Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges.... Read more

    Affected Products : oscommerce finnish_bank_payment
    • Published: Jun. 12, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293350 Results