Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2007-1225

    The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection....

    Affected Products : netproxy
    • EPSS Score: 3.50%
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-7134

    Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are...

    Affected Products : upload_tool_for_php
    • EPSS Score: 2.84%
    • Published: Mar. 06, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-7156

    PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter....

    Affected Products : keyword_replacer
    • EPSS Score: 6.42%
    • Published: Mar. 07, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-7148

    PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893....

    Affected Products : maluinfo
    • EPSS Score: 0.42%
    • Published: Mar. 07, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1372

    PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tpl_pgb_moddir parameter....

    Affected Products : postguestbook
    • EPSS Score: 3.55%
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1373

    Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961....

    Affected Products : mercury_mail_transport_system
    • EPSS Score: 76.46%
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1408

    Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) outposts.php, (4) tribes.php, (5) house.php, (6) tribearmor.php, (7) tribeastral.php, (8) tribeware.php, and (9) includes/head.php in Bartek Jasicki Vallheru before 1.3 beta have unknown impa...

    Affected Products : vallheru
    • EPSS Score: 0.39%
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1414

    Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo Gallery (CPG) allow remote attackers to execute arbitrary PHP code via a URL in the (1) cmd parameter to (a) image_processor.php or (b) picmgmt.inc.php, or the (2) path parameter to (c...

    • EPSS Score: 5.07%
    • Published: Mar. 12, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-7173

    Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option...

    Affected Products : php-stats
    • EPSS Score: 5.92%
    • Published: Mar. 20, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1587

    templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows remote attackers to execute arbitrary programs by specifying the program name in the qshapeLocation parameter....

    Affected Products : statsdawg
    • EPSS Score: 0.80%
    • Published: Mar. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1640

    Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php....

    Affected Products : classweb
    • EPSS Score: 5.70%
    • Published: Mar. 23, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1644

    The dynamic DNS update mechanism in the DNS Server service on Microsoft Windows does not properly authenticate clients in certain deployments or configurations, which allows remote attackers to change DNS records for a web proxy server and conduct man-in-...

    Affected Products : windows all_windows
    • EPSS Score: 31.32%
    • Published: Mar. 24, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1724

    Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and attack vectors, related to a fix for "dozens of win32k bugs and failures," in which the fix itself introduces a vulnerability, possibly related to user-mode and kernel-mode copy failures....

    Affected Products : reactos
    • EPSS Score: 0.34%
    • Published: Mar. 28, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1731

    Multiple stack-based buffer overflows in High Performance Anonymous FTP Server (hpaftpd) 1.01 allow remote attackers to execute arbitrary code via long arguments to the (1) USER, (2) PASS, (3) CWD, (4) MKD, (5) RMD, (6) DELE, (7) RNFR, or (8) RNTO FTP com...

    Affected Products : hpaftpd
    • EPSS Score: 5.65%
    • Published: Mar. 28, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-7181

    Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vect...

    Affected Products : morcego_cms
    • EPSS Score: 1.01%
    • Published: Mar. 30, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1795

    JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information....

    Affected Products : urlshrink
    • EPSS Score: 2.66%
    • Published: Apr. 02, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1821

    Sprint Nextel Sprint voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID)....

    Affected Products : sprint_voice
    • EPSS Score: 1.43%
    • Published: Apr. 02, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1916

    Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be...

    • EPSS Score: 9.37%
    • Published: Apr. 10, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-2036

    The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse...

    • EPSS Score: 2.30%
    • Published: Apr. 16, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-2100

    FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb....

    Affected Products : fac_guestbook
    • EPSS Score: 0.82%
    • Published: Apr. 18, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 292199 Results