Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2007-0913

    Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-...

    Affected Products : powerpoint
    • EPSS Score: %37.96
    • Published: Feb. 14, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-1037

    Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from th...

    Affected Products : news_file_grabber
    • EPSS Score: %8.61
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2006-7061

    Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks.

    Affected Products : e-dating_system
    • EPSS Score: %0.60
    • Published: Feb. 24, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2006-7064

    Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.

    Affected Products : invision_power_board
    • EPSS Score: %0.57
    • Published: Feb. 24, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-1197

    Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues.

    Affected Products : epiware
    • EPSS Score: %0.34
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-1534

    DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port ...

    Affected Products : windows_vista
    • EPSS Score: %38.74
    • Published: Mar. 20, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-1725

    SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges.

    Affected Products : icebb
    • EPSS Score: %0.66
    • Published: Mar. 28, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-1820

    Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID).

    Affected Products : callpilot meridian_mail
    • EPSS Score: %1.14
    • Published: Apr. 02, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-2192

    Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted remote attackers to execute arbitrary code via a crafted .tif file.

    Affected Products : photofiltre_studio
    • EPSS Score: %10.42
    • Published: Apr. 24, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-2648

    Stack-based buffer overflow in the Clever Database Comparer 2.2 ActiveX control (comparerax.ocx) allows remote attackers to execute arbitrary code via a long argument to the ConnectToDatabase function.

    Affected Products : clever_database_comparer
    • EPSS Score: %6.31
    • Published: May. 14, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-2667

    Buffer overflow in the DB Software Laboratory VImpX ActiveX control in VImpX.ocx 4.7.3 allows remote attackers to execute arbitrary code via a long LogFile parameter.

    Affected Products : vimp_x
    • EPSS Score: %5.29
    • Published: May. 14, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-2758

    Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow durin...

    Affected Products : winimage
    • EPSS Score: %11.87
    • Published: May. 18, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-2771

    Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property.

    Affected Products : leadtools_jpeg_2000
    • EPSS Score: %29.83
    • Published: May. 21, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-2847

    Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007...

    Affected Products : hlstats
    • EPSS Score: %0.66
    • Published: May. 24, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-2856

    Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip functio...

    • EPSS Score: %15.58
    • Published: May. 24, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-2981

    Buffer overflow in a certain ActiveX control in LEAD Technologies LEADTOOLS Raster OCR Document Object Library (ltrdc14e.dll) 14.5.0.44 allows remote attackers to execute arbitrary code via a long DictionaryFileName property.

    • EPSS Score: %7.63
    • Published: Jun. 01, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-2505

    Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 allows user-assisted remote attackers to execute arbitrary code via a long command line argument, as demonstrated by a long string in the subject field in a mailto URI. NOTE: some of thes...

    Affected Products : mailcopa
    • EPSS Score: %16.08
    • Published: May. 04, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-3071

    Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.

    Affected Products : esellerate_sdk
    • EPSS Score: %6.28
    • Published: Jun. 06, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-0068

    IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.

    Affected Products : lotus_domino
    • EPSS Score: %1.77
    • Published: Jun. 06, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-3150

    Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .ex...

    Affected Products : desktop
    • EPSS Score: %0.89
    • Published: Jun. 11, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291358 Results