Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2009-2467

    Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugi... Read more

    Affected Products : firefox
    • EPSS Score: %5.19
    • Published: Jul. 22, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2471

    The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper.... Read more

    Affected Products : firefox
    • EPSS Score: %2.24
    • Published: Jul. 22, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2010-3568

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE:... Read more

    Affected Products : jre sdk jdk
    • EPSS Score: %9.13
    • Published: Oct. 19, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-2729

    Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2727.... Read more

    • Actively Exploited
    • EPSS Score: %90.24
    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-3380

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via u... Read more

    Affected Products : firefox
    • EPSS Score: %3.35
    • Published: Oct. 29, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2019-18253

    An attacker could use specially crafted paths in a specific request to read or delete files from Relion 670 Series (versions 1p1r26, 1.2.3.17, 2.0.0.10, RES670 2.0.0.4, 2.1.0.1, and prior) outside the intended directory.... Read more

    Affected Products : relion_670_firmware relion_670
    • EPSS Score: %0.39
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-3739

    Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attackers to obtain privileged access or cause a denial of service (halt) via unknown vectors.... Read more

    • EPSS Score: %0.06
    • Published: Jan. 19, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-4000

    Directory traversal vulnerability in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to overwrite arbitrary files, and execute arbitrary code, via directory traversal sequences in the fileName parameter.... Read more

    Affected Products : power_manager
    • EPSS Score: %31.58
    • Published: Jan. 20, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2016-3645

    Integer overflow in the TNEF unpacker in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 ... Read more

    • EPSS Score: %75.55
    • Published: Jun. 30, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2019-5021

    Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed usi... Read more

    • EPSS Score: %3.71
    • Published: May. 08, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-16462

    Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a buffer error vulnerability. Successful exploitation could lea... Read more

    • EPSS Score: %3.62
    • Published: Dec. 19, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-7193

    This improper input validation vulnerability allows remote attackers to inject arbitrary code to the system. To fix the vulnerability, QNAP recommend updating QTS to their latest versions.... Read more

    Affected Products : qts
    • Actively Exploited
    • EPSS Score: %41.50
    • Published: Dec. 05, 2019
    • Modified: Feb. 13, 2025

  • 10.0

    HIGH
    CVE-2015-8402

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler befor... Read more

    • EPSS Score: %10.68
    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-8413

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler befor... Read more

    • EPSS Score: %58.48
    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-28901

    Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.... Read more

    Affected Products : fusion
    • EPSS Score: %1.32
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-0079

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/laye... Read more

    Affected Products : firefox
    • EPSS Score: %4.93
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-0085

    Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the cu... Read more

    Affected Products : firefox thunderbird seamonkey
    • EPSS Score: %2.45
    • Published: Jun. 30, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2019-3809

    A flaw was found in Moodle versions 3.1 to 3.1.15 and earlier unsupported versions. The mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of b... Read more

    Affected Products : moodle
    • EPSS Score: %0.24
    • Published: Mar. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-3751

    Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .... Read more

    • EPSS Score: %4.38
    • Published: Feb. 13, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-5034

    Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033.... Read more

    Affected Products : atmail
    • EPSS Score: %0.38
    • Published: Jan. 12, 2014
    • Modified: Apr. 11, 2025
Showing 20 of 291736 Results