Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2007-3071

    Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.... Read more

    Affected Products : esellerate_sdk
    • EPSS Score: %6.28
    • Published: Jun. 06, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-0068

    IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.... Read more

    Affected Products : lotus_domino
    • EPSS Score: %1.77
    • Published: Jun. 06, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3150

    Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .ex... Read more

    Affected Products : desktop
    • EPSS Score: %0.89
    • Published: Jun. 11, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3186

    Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.... Read more

    Affected Products : safari
    • EPSS Score: %8.93
    • Published: Jun. 12, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3360

    hook.c in BitchX 1.1-final allows remote IRC servers to execute arbitrary commands by sending a client certain data containing NICK and EXEC strings, which exceeds the bounds of a hash table, and injects an EXEC hook function that receives and executes sh... Read more

    Affected Products : bitchx
    • EPSS Score: %6.86
    • Published: Jun. 22, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3376

    Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long value in the title HTML tag, which triggers the overflow when the user adds t... Read more

    Affected Products : windows_xp safari
    • EPSS Score: %4.66
    • Published: Jun. 25, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3435

    Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.... Read more

    Affected Products : barcode_activex
    • EPSS Score: %76.14
    • Published: Jun. 27, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3489

    Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in the management interface in Check Point VPN-1 Edge X Embedded NGX 7.0.33x on the Check Point VPN-1 UTM Edge allows remote attackers to perform privileged actions as administrators, as dem... Read more

    Affected Products : vpn-1_utm_edge
    • EPSS Score: %1.71
    • Published: Jun. 29, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3512

    Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows user-assisted remote attackers to execute arbitrary code via a large LHA "Extended Header Size" value in an LZH archive, a different issue than CVE-2007-3375.... Read more

    Affected Products : lhaca_file_archiver
    • EPSS Score: %9.61
    • Published: Jul. 03, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3572

    Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL encoded "`"... Read more

    Affected Products : pico pico_pro
    • EPSS Score: %7.00
    • Published: Jul. 05, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3786

    Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable softw... Read more

    Affected Products : instagate_ex2_utm
    • EPSS Score: %1.90
    • Published: Jul. 15, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3825

    Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve prod... Read more

    • EPSS Score: %27.26
    • Published: Jul. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3302

    The CallCode ActiveX control in caller.dll 3.0 before 20070713, and 3.0 SP1 before 3.0.5.81, in CA (formerly Computer Associates) eTrust Intrusion Detection allows remote attackers to load arbitrary DLLs on a client system, and execute code from these DLL... Read more

    • EPSS Score: %23.30
    • Published: Jul. 26, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4013

    Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.... Read more

    • EPSS Score: %1.17
    • Published: Jul. 26, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4067

    Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the ... Read more

    Affected Products : internet_activex_suite
    • EPSS Score: %6.67
    • Published: Jul. 30, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4105

    A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion.... Read more

    Affected Products : soba_search_bar
    • EPSS Score: %5.45
    • Published: Jul. 31, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4120

    Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.ph... Read more

    Affected Products : vbulletin
    • EPSS Score: %0.85
    • Published: Aug. 01, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4152

    The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit 12.4.0.0 allows remote attackers to conduct replay attacks by capturing and resending data from the DETAILS and PROCESS sections of a session that schedules an audit.... Read more

    Affected Products : audit
    • EPSS Score: %0.67
    • Published: Aug. 03, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2018-17910

    WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution.... Read more

    Affected Products : webaccess
    • EPSS Score: %3.05
    • Published: Oct. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-4422

    The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid userna... Read more

    Affected Products : enterprise_firewall
    • EPSS Score: %2.24
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 291368 Results