Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2015-6788

    The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service... Read more

    Affected Products : chrome
    • EPSS Score: %4.25
    • Published: Dec. 14, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2007-6693

    Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."... Read more

    Affected Products : gallery_webcam_module
    • EPSS Score: %0.63
    • Published: Jan. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2005-2541

    Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.... Read more

    Affected Products : tar
    • EPSS Score: %3.25
    • Published: Aug. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2011-0474

    Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified othe... Read more

    Affected Products : debian_linux chrome chrome_os
    • EPSS Score: %2.88
    • Published: Jan. 14, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-1532

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to De... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %10.01
    • Published: Oct. 16, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-1541

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deploymen... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %9.54
    • Published: Feb. 02, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-0422

    Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; Java SE Embedded 7u45; and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JNDI. NOTE: the previous information is from th... Read more

    Affected Products : jdk jre
    • EPSS Score: %8.13
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2024-43102

    Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A... Read more

    Affected Products : freebsd
    • Published: Sep. 05, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-1852

    Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode.... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %42.60
    • Published: May. 13, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-2457

    Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code via un... Read more

    • EPSS Score: %5.06
    • Published: Nov. 11, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-2802

    Unspecified vulnerability in the ac3_decode_frame function in libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the "number of output channels" and "out of array writes."... Read more

    Affected Products : ffmpeg libav
    • EPSS Score: %0.91
    • Published: Sep. 10, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-7806

    Adobe Acrobat and Reader versions 2019.010.20100 and earlier, 2019.010.20099 and earlier, 2017.011.30140 and earlier, 2017.011.30138 and earlier, 2015.006.30495 and earlier, and 2015.006.30493 and earlier have a use after free vulnerability. Successful ex... Read more

    • EPSS Score: %2.07
    • Published: May. 22, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-7816

    ColdFusion versions Update 2 and earlier, Update 9 and earlier, and Update 17 and earlier have a file upload restriction bypass vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : coldfusion
    • EPSS Score: %4.82
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-23660

    A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this sec... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %2.11
    • Published: May. 16, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-2991

    The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and appl... Read more

    Affected Products : firefox thunderbird seamonkey
    • EPSS Score: %4.12
    • Published: Aug. 18, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-3970

    Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute ar... Read more

    • EPSS Score: %2.74
    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-7018

    Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code executi... Read more

    • EPSS Score: %17.20
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-20282

    A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerabilit... Read more

    • Published: Jun. 25, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 10.0

    HIGH
    CVE-2012-5143

    Integer overflow in Google Chrome before 23.0.1271.97 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PPAPI image buffers.... Read more

    Affected Products : chrome opensuse
    • EPSS Score: %1.70
    • Published: Dec. 12, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-0501

    Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0500.... Read more

    Affected Products : shockwave_player
    • EPSS Score: %24.48
    • Published: Feb. 12, 2014
    • Modified: Apr. 11, 2025
Showing 20 of 291659 Results