Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2021-32637

    Authelia is a a single sign-on multi-factor portal for web apps. This affects uses who are using nginx ngx_http_auth_request_module with Authelia, it allows a malicious individual who crafts a malformed HTTP request to bypass the authentication mechanism.... Read more

    Affected Products : authelia
    • EPSS Score: %0.53
    • Published: May. 28, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-0366

    Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a diff... Read more

    Affected Products : database_mobile\/lite_server
    • EPSS Score: %2.95
    • Published: Jan. 17, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2024-23621

    A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.... Read more

    Affected Products : merge_efilm_workstation
    • EPSS Score: %0.94
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-1408

    Unspecified vulnerability in the App Lock (com.cc.applock) application 1.7.5 and 1.7.6 for Android has unknown impact and attack vectors.... Read more

    Affected Products : android app_lock
    • EPSS Score: %0.33
    • Published: Mar. 14, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-1474

    Unspecified vulnerability in the Youni SMS (com.snda.youni) application 2.1.0c and 2.1.0d for Android has unknown impact and attack vectors.... Read more

    Affected Products : android youni_sms
    • EPSS Score: %0.33
    • Published: Mar. 14, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2008-7196

    Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a "PATH execution security flaw," possibly an untrusted search path vulnerability.... Read more

    Affected Products : metashell
    • EPSS Score: %0.72
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-6123

    Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors.... Read more

    Affected Products : irc_services
    • EPSS Score: %0.42
    • Published: Nov. 26, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2001-0024

    simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter.... Read more

    Affected Products : simplestmail.cgi
    • EPSS Score: %4.99
    • Published: Feb. 12, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2007-1687

    Multiple buffer overflows in the Internet Pictures Corporation iPIX Image Well ActiveX control (iPIX-ImageWell-ipix.dll) allow remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : ipix_image_well
    • EPSS Score: %22.62
    • Published: Apr. 10, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2002-0697

    Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.... Read more

    Affected Products : windows_2000 metadirectory_services
    • EPSS Score: %17.12
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2024-11186

    On affected versions of the CloudVision Portal, improper access controls could enable a malicious authenticated user to take broader actions on managed EOS devices than intended. This advisory impacts the Arista CloudVision Portal products when run on-pre... Read more

    Affected Products : cloudvision_portal
    • Published: May. 08, 2025
    • Modified: May. 12, 2025

  • 10.0

    HIGH
    CVE-2001-0966

    Directory traversal vulnerability in Nudester 1.10 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the CD (CWD) command.... Read more

    Affected Products : nudester
    • EPSS Score: %0.69
    • Published: Aug. 31, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-10612

    In 3S-Smart Software Solutions GmbH CODESYS Control V3 products prior to version 3.5.14.0, user access management and communication encryption is not enabled by default, which could allow an attacker access to the device and sensitive information, includi... Read more

    • EPSS Score: %0.12
    • Published: Jan. 29, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-1721

    Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) Richtxt_functions.inc.php, (2) adddocfile.php, (3) auth_check.php, (4) browse... Read more

    Affected Products : c-arbre
    • EPSS Score: %4.66
    • Published: Mar. 28, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-3140

    A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to insufficient validation of user in... Read more

    Affected Products : prime_license_manager
    • EPSS Score: %1.66
    • Published: Jul. 16, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2000-0685

    BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.... Read more

    Affected Products : weblogic_server
    • EPSS Score: %5.20
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2009-3354

    Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.... Read more

    Affected Products : drupal rest_api_module
    • EPSS Score: %0.39
    • Published: Sep. 24, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1766

    PHP remote file inclusion vulnerability in login/engine/db/profiledit.php in Advanced Login 0.76 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.... Read more

    Affected Products : advanced_login
    • EPSS Score: %5.06
    • Published: Mar. 30, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1822

    Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).... Read more

    Affected Products : voice_mail_system
    • EPSS Score: %0.99
    • Published: Apr. 02, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2022-30915

    H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm.... Read more

    Affected Products : magic_r100_firmware magic_r100
    • EPSS Score: %0.39
    • Published: Jun. 08, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 290983 Results