Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-1999-0100

    Remote access in AIX innd 1.5.1, using control messages.

    Affected Products : inn
    • EPSS Score: 1.32%
    • Published: Jan. 01, 1997
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2007-2187

    Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926.

    Affected Products : extremail
    • EPSS Score: 6.65%
    • Published: Apr. 24, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2004-0716

    Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data.

    Affected Products : hp-ux
    • EPSS Score: 4.29%
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2018-16590

    FURUNO FELCOM 250 and 500 devices use only client-side JavaScript in login.js for authentication.

    • EPSS Score: 0.70%
    • Published: Sep. 06, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2018-16591

    FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi.

    • EPSS Score: 3.93%
    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15916

    goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.

    Affected Products : ac15_firmware ac15
    • EPSS Score: 3.63%
    • Published: Jul. 23, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-1599

    A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, D...

    • EPSS Score: 92.28%
    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2001-0534

    Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands.

    Affected Products : radius radius
    • EPSS Score: 2.06%
    • Published: Jul. 21, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-0788

    The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.

    Affected Products : word access
    • EPSS Score: 10.50%
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-0684

    BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

    Affected Products : weblogic_server
    • EPSS Score: 5.20%
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-0059

    PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.

    Affected Products : php
    • EPSS Score: 4.09%
    • Published: Jan. 04, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-0133

    Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to execute commands via the STOR, RNTO, MKD, XMKD, RMD, XRMD, APPE, SIZE, and RNFR commands.

    Affected Products : tiny_ftpdaemon
    • EPSS Score: 6.22%
    • Published: Feb. 01, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-0587

    The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.

    Affected Products : glftpd
    • EPSS Score: 0.40%
    • Published: Jun. 26, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2007-2633

    Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows remote attackers to read, or include and execute, arbitrary local files via a .. (dot dot) in the template parameter.

    Affected Products : sitestudio
    • EPSS Score: 0.75%
    • Published: May. 13, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-4916

    Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (H...

    • EPSS Score: 71.29%
    • Published: Sep. 17, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2021-45420

    Emerson Dixell XWEB-500 products are affected by arbitrary file write vulnerability in /cgi-bin/logo_extra_upload.cgi, /cgi-bin/cal_save.cgi, and /cgi-bin/lo_utils.cgi. An attacker will be able to write any file on the target system without any kind of au...

    • EPSS Score: 80.81%
    • Published: Feb. 14, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2013-2820

    The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and 4228_4.0.11.003 allows remote attackers to reprogram the firmware via a replay attack using UDP ports 17336 and 17388.

    • EPSS Score: 0.01%
    • Published: Jan. 15, 2014
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2019-11063

    A broken access control vulnerability in SmartHome app (Android versions up to 3.0.42_190515, iOS versions up to 2.0.22) allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway (HG100) ...

    Affected Products : smarthome
    • EPSS Score: 0.83%
    • Published: Aug. 29, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2024-32962

    xml-crypto is an xml digital signature and encryption library for Node.js. In affected versions the default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of the w3 xmldsig-core-200...

    Affected Products :
    • Published: May. 02, 2024
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2022-32554

    Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and ...

    Affected Products : purity//fa purity//fb
    • EPSS Score: 0.47%
    • Published: Jun. 23, 2022
    • Modified: Nov. 21, 2024