Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2019-7970

    Adobe Photoshop CC versions 19.1.8 and earlier and 20.0.5 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : macos photoshop_cc windows
    • EPSS Score: %27.47
    • Published: Aug. 26, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-2884

    Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."... Read more

    Affected Products : lotus_symphony
    • EPSS Score: %2.20
    • Published: Jul. 27, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-2794

    Unspecified vulnerability in the decode_mb_info function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the "allocated tile size ... mismatches parameters."... Read more

    Affected Products : ffmpeg libav
    • EPSS Score: %0.84
    • Published: Sep. 10, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-4154

    Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-... Read more

    Affected Products : mac_os_x acrobat acrobat_reader windows
    • EPSS Score: %6.55
    • Published: Aug. 15, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-8196

    Adobe Acrobat and Reader versions , 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation... Read more

    • EPSS Score: %29.78
    • Published: Oct. 17, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-0775

    Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via "cloned XUL DOM elements which were linked as a parent and child," which are not prop... Read more

    Affected Products : firefox thunderbird seamonkey
    • EPSS Score: %6.58
    • Published: Mar. 05, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2019-7051

    Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an untrusted pointer dereference vulnerability. Successful exploitation could lead to arbitra... Read more

    • EPSS Score: %10.14
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-1523

    The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON.... Read more

    Affected Products : linux_kernel
    • EPSS Score: %0.61
    • Published: Apr. 12, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2025-2857

    Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sand... Read more

    Affected Products : firefox firefox_esr
    • Published: Mar. 27, 2025
    • Modified: May. 01, 2025
    • Vuln Type: Authorization

  • 10.0

    HIGH
    CVE-2011-3521

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confident... Read more

    Affected Products : jre jdk
    • EPSS Score: %5.86
    • Published: Oct. 19, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2006-2189

    SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to vector 1 i... Read more

    Affected Products : sblog
    • EPSS Score: %1.05
    • Published: May. 04, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2014-7169

    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment... Read more

    • Actively Exploited
    • EPSS Score: %90.11
    • Published: Sep. 25, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2012-5273

    Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4174, and CVE-2012-4175.... Read more

    Affected Products : shockwave_player
    • EPSS Score: %3.71
    • Published: Oct. 23, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-5541

    Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execu... Read more

    • EPSS Score: %10.64
    • Published: Aug. 14, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-5551

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to exe... Read more

    • EPSS Score: %53.50
    • Published: Aug. 14, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-1080

    The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload... Read more

    Affected Products : zenworks_configuration_management
    • EPSS Score: %72.92
    • Published: Mar. 29, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-1372

    Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on Windows, before 10.3.183.61 and 11.x before 11.6.602.167 on Mac OS X, before 10.3.183.61 and 11.x before 11.2.202.270 on Linux, before 11.1.111.43 on Android 2.x and ... Read more

    • EPSS Score: %4.19
    • Published: Feb. 12, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-5574

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.... Read more

    • EPSS Score: %71.01
    • Published: Sep. 22, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2012-0467

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a de... Read more

    • EPSS Score: %2.91
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-0428

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, ... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %1.82
    • Published: Feb. 02, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 291741 Results