Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2012-5188

    Untrusted search path vulnerability in mora Downloader before 1.0.0.1 allows remote attackers to trigger the launch of a .exe file via unspecified vectors....

    Affected Products : mora_downloader
    • EPSS Score: 1.68%
    • Published: Feb. 14, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2017-17105

    Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cm...

    • EPSS Score: 91.75%
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2010-5324

    Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted direc...

    Affected Products : zenworks_configuration_management
    • EPSS Score: 74.07%
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-5342

    Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-6627....

    Affected Products : clearpass
    • EPSS Score: 2.60%
    • Published: Nov. 19, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2007-6701

    Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different ...

    Affected Products : windows client
    • EPSS Score: 45.50%
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1288

    Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News 1.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[installdir] parameter to (1) comment.php, (2) themes.php, (3) directory.php, and (4) sendm...

    Affected Products : wbnews
    • EPSS Score: 1.56%
    • Published: Mar. 07, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2025-22954

    GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter....

    Affected Products : koha
    • Published: Mar. 12, 2025
    • Modified: Mar. 18, 2025
  • 10.0

    HIGH
    CVE-2007-1329

    Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are r...

    Affected Products : ledgersmb sql-ledger
    • EPSS Score: 5.74%
    • Published: Mar. 07, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-2176

    Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175....

    Affected Products : firefox
    • EPSS Score: 2.68%
    • Published: Apr. 24, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2025-2345

    A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vend...

    Affected Products :
    • Published: Mar. 16, 2025
    • Modified: Mar. 16, 2025
  • 10.0

    HIGH
    CVE-2015-0134

    Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before 8.5.1 FP5 IF3, 8.5.2 before FP4 IF3, 8.5.3 before FP6 IF6, 9.0 before IF7, and 9.0.1 before FP2 IF3 allows remote attackers to execute arbitrary code via unspecified vectors....

    Affected Products : lotus_domino domino
    • EPSS Score: 19.25%
    • Published: Apr. 06, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2012-1288

    The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session....

    • EPSS Score: 0.63%
    • Published: Feb. 23, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-1399

    Unspecified vulnerability in the U+Box 2.0 (lg.uplusbox) application 2.0.2 and 2.0.8.4 for Android has unknown impact and attack vectors....

    Affected Products : android u\+box_2.0
    • EPSS Score: 0.43%
    • Published: Mar. 07, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-0073

    In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over NFC with no additional execution privileges needed. User interaction is not needed for ...

    Affected Products : android
    • EPSS Score: 2.28%
    • Published: Apr. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2012-1418

    Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors....

    • EPSS Score: 0.21%
    • Published: Feb. 29, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2006-3721

    Multiple unspecified vulnerabilities in Oracle Management Service for Oracle Enterprise Manager 10.1.0.5 and 10.2.0.1 have unknown impact and attack vectors, aka Oracle Vuln# EM03 and EM04....

    Affected Products : enterprise_manager
    • EPSS Score: 3.57%
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2009-2754

    Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Leg...

    • EPSS Score: 30.96%
    • Published: Mar. 05, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2019-11469

    Zoho ManageEngine Applications Manager 12 through 14 allows FaultTemplateOptions.jsp resourceid SQL injection. Subsequently, an unauthenticated user can gain the authority of SYSTEM on the server by uploading a malicious file via the "Execute Program Acti...

    • EPSS Score: 6.02%
    • Published: Apr. 23, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-27159

    Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114...

    • EPSS Score: 8.31%
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-27158

    Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114....

    • EPSS Score: 10.71%
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024