Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by vulnerability severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2010-5286

    Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php....

    Affected Products : joomla\! com_jstore
    • EPSS Score: 32.16%
    • Published: Nov. 26, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-5307

    The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not cl...

    Affected Products : optima_mr360_firmware
    • EPSS Score: 0.57%
    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2017-13285

    In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User in...

    Affected Products : android
    • EPSS Score: 2.24%
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2015-0984

    Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O ...

    • EPSS Score: 0.77%
    • Published: Mar. 31, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2004-2388

    rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user....

    Affected Products : aix
    • EPSS Score: 1.01%
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2012-0434

    The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors....

    Affected Products : suse_cloud
    • EPSS Score: 0.21%
    • Published: Dec. 02, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2006-4084

    Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical."...

    Affected Products : phpautomembersarea
    • EPSS Score: 0.39%
    • Published: Aug. 11, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2021-26588

    A potential security vulnerability has been identified in HPE 3PAR StoreServ, HPE Primera Storage and HPE Alletra 9000 Storage array firmware. An unauthenticated user could remotely exploit the low complexity issue to execute code as administrator. This v...

    • EPSS Score: 1.71%
    • Published: Oct. 11, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2011-0342

    Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCur...

    Affected Products : web_studio indusoft_web_studio
    • EPSS Score: 9.34%
    • Published: Sep. 02, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-19138

    Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and earlier allow remote attackers to execute arbitrary code via the component "/src/main/java/com/dotmarketing/filters/CMSFilter.java"....

    Affected Products : dotcms
    • EPSS Score: 9.29%
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2025-53577

    Improper Control of Generation of Code ('Code Injection') vulnerability in thehp Global DNS allows Remote Code Inclusion. This issue affects Global DNS: from n/a through 3.1.0....

    Affected Products :
    • Published: Aug. 20, 2025
    • Modified: Aug. 20, 2025
  • 10.0

    HIGH
    CVE-1999-0590

    A system does not present an appropriate legal message or warning to a user who is accessing it....

    • EPSS Score: 10.29%
    • Published: Jun. 01, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-1999-0235

    Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access....

    Affected Products : ncsa_web_server
    • EPSS Score: 3.30%
    • Published: Feb. 17, 1995
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-0040

    glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command....

    Affected Products : glftpd
    • EPSS Score: 0.41%
    • Published: Dec. 23, 1999
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-0577

    Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack....

    Affected Products : professional_services_ftpserver
    • EPSS Score: 3.27%
    • Published: Jun. 21, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-0677

    Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable....

    Affected Products : net.data
    • EPSS Score: 7.65%
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2000-0557

    Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request....

    Affected Products : cmail
    • EPSS Score: 3.35%
    • Published: Jun. 05, 2000
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-0181

    Format string vulnerability in the error logging code of DHCP server and client in Caldera Linux allows remote attackers to execute arbitrary commands....

    • EPSS Score: 2.32%
    • Published: Mar. 26, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-0538

    Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page....

    Affected Products : outlook
    • EPSS Score: 68.32%
    • Published: Aug. 14, 2001
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2001-0969

    ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts....

    Affected Products : freebsd
    • EPSS Score: 0.43%
    • Published: Aug. 31, 2001
    • Modified: Apr. 03, 2025
Showing 20 of 290940 Results