Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2004-0246

    Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter.... Read more

    Affected Products : les_commentaires
    • EPSS Score: %1.44
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2012-2428

    Integer overflow in the server in xArrow before 3.4.1 allows remote attackers to execute arbitrary code via a crafted packet that triggers an out-of-bounds read operation.... Read more

    Affected Products : xarrow
    • EPSS Score: %1.89
    • Published: May. 25, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-1971

    A vulnerability in the web portal of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, remote attacker to perform a command injection attack and execute arbitrary commands with root privileges. The vulnerability is due t... Read more

    • EPSS Score: %1.40
    • Published: Aug. 08, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-3623

    Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute ar... Read more

    • EPSS Score: %83.23
    • Published: Dec. 10, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-1999-0233

    IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.... Read more

    Affected Products : internet_information_services
    • EPSS Score: %29.53
    • Published: Feb. 25, 1996
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2017-13160

    A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-37160362.... Read more

    Affected Products : android
    • EPSS Score: %1.26
    • Published: Dec. 06, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2019-10787

    im-resize through 2.3.2 allows remote attackers to execute arbitrary commands via the "exec" argument. The cmd argument used within index.js, can be controlled by user without any sanitization.... Read more

    Affected Products : im-resize
    • EPSS Score: %3.34
    • Published: Feb. 04, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-4501

    Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.... Read more

    Affected Products : cloudstack cloudstack
    • EPSS Score: %2.73
    • Published: Oct. 26, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2007-3483

    Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.... Read more

    • EPSS Score: %0.33
    • Published: Jun. 28, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2011-5127

    Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP reques... Read more

    Affected Products : windows reporter
    • EPSS Score: %28.81
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-10511

    HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contains insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL.... Read more

    Affected Products : oaklouds_ccm\@il
    • EPSS Score: %0.52
    • Published: Apr. 15, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-2951

    Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.... Read more

    Affected Products : snip
    • EPSS Score: %1.30
    • Published: Jul. 14, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2011-5121

    The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors.... Read more

    Affected Products : comodo_internet_security
    • EPSS Score: %0.18
    • Published: Aug. 26, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2016-5071

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.... Read more

    Affected Products : aleos_firmware gx_440
    • EPSS Score: %0.03
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2004-2233

    Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors.... Read more

    Affected Products : moodle
    • EPSS Score: %0.62
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2359

    Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does not properly drop SYSTEM privileges when started from the systray applet, which allows local users to gain privileges by accessing the Help functionality.... Read more

    • EPSS Score: %1.23
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2421

    Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights.... Read more

    • EPSS Score: %0.77
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2406

    Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact.... Read more

    Affected Products : phpgroupware
    • EPSS Score: %0.38
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2012-4033

    Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors.... Read more

    Affected Products : wordpress zingiri_web_shop
    • EPSS Score: %1.40
    • Published: Jul. 18, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2016-0835

    decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before 2016-04-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a certain negative value, aka internal bug ... Read more

    Affected Products : android
    • EPSS Score: %4.02
    • Published: Apr. 18, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 291312 Results