Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2012-2379

    Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and... Read more

    Affected Products : cxf
    • EPSS Score: %3.75
    • Published: Jan. 03, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-2047

    Adobe Shockwave Player before 11.6.6.636 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2043, CVE-2012-2044, CVE-2012-2045, and CVE-2012-2046.... Read more

    Affected Products : shockwave_player
    • EPSS Score: %9.19
    • Published: Aug. 15, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-7058

    Aruba ClearPass, all versions of 6.6.x prior to 6.6.9 are affected by an authentication bypass vulnerability, an attacker can leverage this vulnerability to gain administrator privileges on the system. The vulnerability is exposed only on ClearPass web in... Read more

    Affected Products : aruba_clearpass_policy_manager
    • EPSS Score: %0.92
    • Published: Aug. 06, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-2032

    Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2030, CVE-2012-2031, and CVE-2012-2033.... Read more

    Affected Products : shockwave_player
    • EPSS Score: %25.79
    • Published: May. 09, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-1967

    Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execut... Read more

    • EPSS Score: %3.40
    • Published: Jul. 18, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2018-6968

    The VMware AirWatch Agent for Android prior to 8.2 and AirWatch Agent for Windows Mobile prior to 6.5.2 contain a remote code execution vulnerability in real time File Manager capabilities. This vulnerability may allow for unauthorized creation and execut... Read more

    Affected Products : airwatch_agent
    • EPSS Score: %11.58
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-0774

    Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.... Read more

    Affected Products : acrobat acrobat_reader
    • EPSS Score: %36.79
    • Published: Apr. 10, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-0772

    An unspecified ActiveX control in Adobe Flash Player before 10.3.183.18 and 11.x before 11.2.202.228, and AIR before 3.2.0.2070, on Windows does not properly perform URL security domain checking, which allow attackers to execute arbitrary code or cause a ... Read more

    Affected Products : flash_player windows adobe_air
    • EPSS Score: %24.40
    • Published: Mar. 28, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-0768

    The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code... Read more

    • EPSS Score: %8.03
    • Published: Mar. 05, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-0763

    The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0757, CVE-2012-0760, ... Read more

    Affected Products : shockwave_player
    • EPSS Score: %9.19
    • Published: Feb. 15, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-8859

    In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root.... Read more

    Affected Products : netbackup_appliance
    • EPSS Score: %1.13
    • Published: May. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2012-0757

    The Shockwave 3D Asset component in Adobe Shockwave Player before 11.6.4.634 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0760, CVE-2012-0761, ... Read more

    Affected Products : shockwave_player
    • EPSS Score: %9.19
    • Published: Feb. 15, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2023-39344

    social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for t... Read more

    Affected Products : social-media-skeleton
    • EPSS Score: %5.08
    • Published: Aug. 04, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-5001

    Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet ... Read more

    Affected Products : control_manager control_manager
    • EPSS Score: %74.71
    • Published: Dec. 25, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2018-6809

    NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to gain privilege on a target system.... Read more

    • EPSS Score: %3.58
    • Published: Mar. 06, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-3652

    The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unsp... Read more

    Affected Products : firefox thunderbird
    • EPSS Score: %5.92
    • Published: Nov. 09, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2018-6692

    Stack-based Buffer Overflow vulnerability in libUPnPHndlr.so in Belkin Wemo Insight Smart Plug allows remote attackers to bypass local security protection via a crafted HTTP post packet.... Read more

    • EPSS Score: %0.96
    • Published: Aug. 21, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-6911

    The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess 8.3.0 allows remote attackers to execute arbitrary OS commands via a single argument (aka the command parameter).... Read more

    Affected Products : webaccess advantech_webaccess
    • EPSS Score: %29.18
    • Published: Feb. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-3087

    Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : chrome
    • EPSS Score: %0.85
    • Published: May. 16, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3012

    The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote attackers to execute arbitrary code vi... Read more

    • EPSS Score: %2.77
    • Published: Aug. 09, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 292386 Results