Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2001-0180

    Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter.... Read more

    Affected Products : guestserver
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0372

    Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores (1) barry, (2) basic, or (3) construct.... Read more

    Affected Products : akopia_interchange
    • Published: Jun. 18, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2024-7332

    A vulnerability was found in TOTOLINK CP450 4.1.0cu.747_B20191224. It has been classified as critical. This affects an unknown part of the file /web_cste/cgi-bin/product.ini of the component Telnet Service. The manipulation leads to use of hard-coded pass... Read more

    Affected Products : cp450_firmware cp450
    • Published: Aug. 01, 2024
    • Modified: Aug. 09, 2024

  • 10.0

    HIGH
    CVE-2002-0434

    Marcus S. Xenakis directory.php script allows remote attackers to execute arbitrary commands via shell metacharacters in the dir parameter.... Read more

    Affected Products : directory.php
    • Published: Jul. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0602

    A network intrusion detection system (IDS) does not properly reassemble fragmented packets.... Read more

    Affected Products :
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2024-6297

    Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is use... Read more

    Affected Products : social_warfare
    • Published: Jun. 25, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-5991

    In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be N... Read more

    Affected Products : wolfssl
    • Published: Aug. 27, 2024
    • Modified: Sep. 06, 2024

  • 10.0

    HIGH
    CVE-2003-1081

    Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.... Read more

    Affected Products : solaris sunos
    • Published: Sep. 09, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0201

    Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerabi... Read more

    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-1024

    eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands.... Read more

    Affected Products : ewave_servletexec
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0630

    The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of th... Read more

    Affected Products : acrobat_reader
    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0757

    Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.... Read more

    Affected Products : firefox thunderbird mozilla
    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2024-5407

    A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructur... Read more

    Affected Products : rhinos rhinos
    • Published: May. 27, 2024
    • Modified: Jun. 05, 2025

  • 10.0

    HIGH
    CVE-2007-1868

    The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (dae... Read more

    • Published: Apr. 04, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2001-1163

    Buffer overflow in Munica Corporation NetSQL 1.0 allows remote attackers to execute arbitrary code via a long CONNECT argument to port 6500.... Read more

    Affected Products : netsql
    • Published: Jun. 16, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2024-56829

    Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.... Read more

    Affected Products :
    • Published: Jan. 02, 2025
    • Modified: Jan. 06, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    HIGH
    CVE-2002-2290

    Mambo Site Server 4.0.11 installs with a default username and password of admin, which allows remote attackers to gain privileges.... Read more

    Affected Products : mambo_site_server
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2007-5561

    Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port ... Read more

    • Published: Oct. 18, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-6149

    Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer f... Read more

    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0075

    Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.... Read more

    Affected Products : internet_information_server
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293505 Results