Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.4

    CRITICAL
    CVE-2024-1874

    In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command are controlled by a malicious user, the user can supply ...

    Affected Products : fedora php
    • Published: Apr. 29, 2024
    • Modified: Jun. 18, 2025
  • 9.4

    HIGH
    CVE-2012-2627

    d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request....

    Affected Products : scrutinizer
    • EPSS Score: %9.54
    • Published: Jul. 31, 2012
    • Modified: Apr. 11, 2025
  • 9.4

    HIGH
    CVE-2010-3599

    Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information...

    Affected Products : fusion_middleware
    • EPSS Score: %41.05
    • Published: Jan. 19, 2011
    • Modified: Apr. 11, 2025
  • 9.4

    HIGH
    CVE-2007-5862

    Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet....

    Affected Products : mac_os_x
    • EPSS Score: %0.21
    • Published: Dec. 18, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    HIGH
    CVE-2007-3191

    Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function....

    • EPSS Score: %5.55
    • Published: Jun. 12, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    HIGH
    CVE-2007-2644

    A certain ActiveX control in Morovia Barcode ActiveX Professional 3.3.1304 allows remote attackers to overwrite arbitrary files by calling the Save method with an arbitrary filename....

    Affected Products : barcode_activex_control
    • EPSS Score: %10.31
    • Published: May. 13, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    HIGH
    CVE-2007-0543

    ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests th...

    Affected Products : zixforum
    • EPSS Score: %0.29
    • Published: Jan. 29, 2007
    • Modified: Apr. 09, 2025
  • 9.4

    HIGH
    CVE-2006-6767

    oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure....

    Affected Products : oftpd
    • EPSS Score: %8.85
    • Published: Jan. 16, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2011-4042

    An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to execute arbitrary code by using a crafted HTML document to obtain control of a function pointer....

    Affected Products : pcvue frontvue pcvue plantvue
    • EPSS Score: %29.58
    • Published: Apr. 03, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2013-3553

    Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file....

    Affected Products : nitro_pro nitro_reader
    • EPSS Score: %0.56
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2019-1986

    In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is ne...

    Affected Products : android
    • EPSS Score: %0.34
    • Published: Feb. 28, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2007-1041

    Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string....

    Affected Products : news_rover
    • EPSS Score: %16.50
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2014-2731

    Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80....

    Affected Products : sinema_server
    • EPSS Score: %2.36
    • Published: Apr. 19, 2014
    • Modified: Apr. 12, 2025
  • 9.3

    HIGH
    CVE-2010-3140

    Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that ...

    Affected Products : windows_xp
    • EPSS Score: %10.66
    • Published: Aug. 27, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2012-0201

    Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file....

    Affected Products : personal_communications
    • EPSS Score: %76.34
    • Published: Mar. 02, 2012
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2008-2548

    Stack-based buffer overflow in the JPEG thumbprint component in the EXIF parser on Motorola cell phones with RAZR firmware allows user-assisted remote attackers to execute arbitrary code via an MMS transmission of a malformed JPEG image, which triggers me...

    Affected Products : razr
    • EPSS Score: %8.95
    • Published: Jun. 04, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2021-1812

    A logic issue was addressed with improved validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to execute arbitrary code with system privileges....

    Affected Products : iphone_os ipados
    • EPSS Score: %0.39
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2020-13541

    An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with ...

    Affected Products : mobile-911_server
    • EPSS Score: %0.14
    • Published: Jan. 05, 2021
    • Modified: Nov. 21, 2024
  • 9.3

    CRITICAL
    CVE-2012-10054

    Umbraco CMS versions prior to 4.7.1 are vulnerable to unauthenticated remote code execution via the codeEditorSave.asmx SOAP endpoint, which exposes a SaveDLRScript operation that permits arbitrary file uploads without authentication. By exploiting a path...

    Affected Products : umbraco_cms
    • Published: Aug. 13, 2025
    • Modified: Aug. 14, 2025
    • Vuln Type: Path Traversal
  • 9.3

    CRITICAL
    CVE-2025-24325

    Improper input validation in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access....

    Affected Products :
    • Published: Aug. 12, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Authorization
Showing 20 of 291394 Results