Latest CVE Feed
-
10.0
HIGH CVE-2007-3643
admin/index.php in AV Arcade 2.1b grants administrative privileges when the ava_userid cookie value is 1, which allows remote attackers to perform certain administrative actions....
- Affected Products: av_arcade
- EPSS Score: 0.92%
- Published: Jul. 10, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-3647
The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the username cookie to "traffic." NOTE: some of these details are obtained from thir...
- Affected Products: phptraffica
- EPSS Score: 1.17%
- Published: Jul. 10, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-3794
Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, rela...
- Affected Products: linux_kernel aix solaris hp-ux windows ucosminexus_application_server ucosminexus_client ucosminexus_developer ucosminexus_operator ucosminexus_service_architect +6 more products
- EPSS Score: 0.51%
- Published: Jul. 15, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-3907
Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a ...
- Affected Products: ledgersmb
- EPSS Score: 1.48%
- Published: Jul. 19, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-4149
The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 does not require authentication for (1) the "LOG." command, which allows remote attackers to create or overwrite arbitrary files; (2) the SETTINGSFILE command, which allows remote...
- Affected Products: audit
- EPSS Score: 4.85%
- Published: Aug. 03, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2018-16461
A command injection vulnerability in libnmapp package for versions <0.4.16 allows arbitrary commands to be executed via arguments to the range options....
- EPSS Score: 1.49%
- Published: Oct. 30, 2018
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2018-16462
A command injection vulnerability in the apex-publish-static-files npm module version <2.0.1 which allows arbitrary shell command execution through a maliciously crafted argument....
- Affected Products: apex-publish-static-files
- EPSS Score: 2.30%
- Published: Oct. 30, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2007-4361
NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta creates a default SSH root password derived from the hardware serial number, which makes it easier for remote attackers to guess the password and obtain login access....
- Affected Products: readynas_raidiator
- EPSS Score: 3.43%
- Published: Aug. 15, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-4493
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop modul...
- Affected Products: ez_publish
- EPSS Score: 0.55%
- Published: Aug. 23, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-4747
The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and ear...
- EPSS Score: 2.53%
- Published: Sep. 06, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-4983
Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument ...
- EPSS Score: 18.26%
- Published: Sep. 19, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-5070
Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX control in emprint.DLL 6.0.1.0 in the Quiksoft EasyMail MessagePrinter Object allows remote attackers to execute arbitrary code via a long string in the first argument to the SetFont method....
- Affected Products: easymail_messageprinter_object
- EPSS Score: 5.58%
- Published: Sep. 24, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2020-10948
Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted r...
- Affected Products: alienform2
- EPSS Score: 18.07%
- Published: Apr. 01, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2007-5364
Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerpr...
- Affected Products: shopping_cart
- EPSS Score: 0.37%
- Published: Oct. 11, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-5382
The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain pri...
- EPSS Score: 2.37%
- Published: Oct. 12, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-5419
The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the rout...
- Affected Products: 3crwe554g72t
- EPSS Score: 0.77%
- Published: Oct. 12, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-5535
Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors....
- Affected Products: runcms
- EPSS Score: 0.39%
- Published: Oct. 18, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-5717
Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) on x86 before firmware 2.70 allows remote attackers to execute arbitrary commands as root on the Service Processor (SP) via unspecified vectors, a different vul...
- EPSS Score: 4.53%
- Published: Oct. 30, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-5941
Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method....
- Affected Products: shockwave_player
- EPSS Score: 23.14%
- Published: Nov. 14, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-6172
Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewimage.php and (2) comments.php....
- Affected Products: wpquiz
- EPSS Score: 0.50%
- Published: Nov. 30, 2007
- Modified: Apr. 09, 2025