Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2009-3073

    Unspecified vulnerability in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.... Read more

    Affected Products : firefox
    • EPSS Score: %6.87
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-3050

    Buffer overflow in the set_page_size function in util.cxx in HTMLDOC 1.8.27 and earlier allows context-dependent attackers to execute arbitrary code via a long MEDIA SIZE comment. NOTE: it was later reported that there were additional vectors in htmllib.... Read more

    Affected Products : htmldoc
    • EPSS Score: %1.49
    • Published: Sep. 02, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-3027

    VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection Server (CPS) 11d, 12.0, and 12.5; Veritas NetBackup Operations Manager (NOM) 6.0 GA through 6.5.5; Veritas Backup Reporter (VBR) 6.0 GA through 6.6; Veritas Storage Foundation (SF) 3.5; ... Read more

    • EPSS Score: %43.91
    • Published: Dec. 11, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2532

    Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a craft... Read more

    Affected Products : windows_server_2008 windows_vista
    • EPSS Score: %61.78
    • Published: Oct. 14, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2494

    The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations aft... Read more

    • EPSS Score: %57.18
    • Published: Aug. 12, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2468

    Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long ... Read more

    Affected Products : firefox
    • EPSS Score: %23.74
    • Published: Jul. 22, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2462

    The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronou... Read more

    Affected Products : firefox thunderbird
    • EPSS Score: %5.33
    • Published: Jul. 22, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2415

    Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.... Read more

    Affected Products : memcached memcached
    • EPSS Score: %12.08
    • Published: Aug. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2028

    Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered iss... Read more

    Affected Products : acrobat acrobat_reader
    • EPSS Score: %4.07
    • Published: Jun. 11, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-1925

    The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby... Read more

    • EPSS Score: %41.90
    • Published: Sep. 08, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-1899

    Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticate... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %2.53
    • Published: Jun. 03, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-1669

    The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are... Read more

    Affected Products : smarty
    • EPSS Score: %19.48
    • Published: May. 18, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-1300

    apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.... Read more

    Affected Products : advanced_package_tool apt
    • EPSS Score: %1.08
    • Published: Apr. 16, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-1251

    Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response... Read more

    Affected Products : openafs unix
    • EPSS Score: %12.63
    • Published: Apr. 09, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-1176

    mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact v... Read more

    Affected Products : mapserver mapserver
    • EPSS Score: %2.03
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-1172

    The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknow... Read more

    Affected Products : websphere_application_server
    • EPSS Score: %1.28
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-0921

    Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long OvAcceptLang cookie, which triggers the error in ov.dll and ovwww.d... Read more

    • EPSS Score: %35.96
    • Published: Mar. 25, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-0916

    Unspecified vulnerability in Opera before 9.64 has unknown impact and attack vectors, related to a "moderately severe issue."... Read more

    Affected Products : opera_browser
    • EPSS Score: %1.64
    • Published: Mar. 16, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-0898

    Stack-based buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a crafted HTTP request.... Read more

    Affected Products : openview_network_node_manager
    • EPSS Score: %7.24
    • Published: Dec. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-0773

    The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a splice of an array that contains "some non-... Read more

    Affected Products : firefox thunderbird seamonkey
    • EPSS Score: %9.17
    • Published: Mar. 05, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 292124 Results