Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2017-7779

    Memory safety bugs were reported in Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code. This vulner...

    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-11563

    D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker...

    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-5602

    Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5, as used by SwiftView and SwiftSend, allow remote attackers to execute arbitrary code via unspecified vectors to the (1) svocx.ocx ActiveX control or the (2) npsview.dll plugin for Moz...

    Affected Products : viewer
    • Published: Feb. 05, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2023-51473

    Unrestricted Upload of File with Dangerous Type vulnerability in Pixelemu TerraClassifieds – Simple Classifieds Plugin. This issue affects TerraClassifieds – Simple Classifieds Plugin: from n/a through 2.0.3. ...

    Affected Products : terraclassifieds
    • Published: Dec. 29, 2023
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-15107

    An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability....

    Affected Products : webmin
    • Actively Exploited
    • Published: Aug. 16, 2019
    • Modified: Mar. 14, 2025
  • 10.0

    HIGH
    CVE-2019-15027

    The MediaTek Embedded Multimedia Card (eMMC) subsystem for Android on MT65xx, MT66xx, and MT8163 SoC devices allows attackers to execute arbitrary commands as root via shell metacharacters in a filename under /data, because clear_emmc_nomedia_entry in pla...

    • Published: Aug. 14, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-5559

    Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it...

    Affected Products : thinkvantage_tpm
    • Published: Oct. 18, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2017-12762

    In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tr...

    Affected Products : linux_kernel ubuntu_linux
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2017-10920

    The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption...

    Affected Products : xen
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2007-5538

    Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of servic...

    • Published: Oct. 18, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2017-3086

    Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution....

    Affected Products : shockwave_player
    • Published: Jun. 20, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2016-6629

    An issue was discovered in phpMyAdmin involving the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. All 4.6.x versions (prior to 4.6.4...

    Affected Products : phpmyadmin
    • Published: Dec. 11, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2019-14678

    SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Servi...

    • Published: Nov. 14, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-3714

    The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to execute arbitrary code via shell metacharacters in a crafted image, aka "ImageT...

    • Actively Exploited
    • Published: May. 05, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2007-5531

    Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02....

    • Published: Oct. 17, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2015-3053

    Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3054, CVE-2015-3055, CVE-2...

    Affected Products : mac_os_x acrobat acrobat_reader windows
    • Published: May. 13, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2019-14514

    An issue was discovered in Microvirt MEmu all versions prior to 7.0.2. A guest Android operating system inside the MEmu emulator contains a /system/bin/systemd binary that is run with root privileges on startup (this is unrelated to Red Hat's systemd init...

    Affected Products : memu
    • Published: Feb. 11, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2019-14482

    AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client. The same hardcoded SSL private key is used across different customers' installations when no other SSL certificate is installed, which allows remote att...

    Affected Products : netcrunch
    • Published: Dec. 16, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-4844

    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D....

    Affected Products : jdk jre
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-4835

    Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881....

    Affected Products : jdk jre
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293435 Results