Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2010-1424

    Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government 2006 through 2010 allows user-assisted remote attackers to execute arbitrary code via a crafted font file....

    Affected Products : ichitaro
    • EPSS Score: %4.87
    • Published: Apr. 15, 2010
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2008-2399

    Directory traversal vulnerability in the FireFTP add-on before 0.98.20080518 for Firefox allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to (1) MLSD and (2) LIST commands, a related issue...

    Affected Products : firefox fireftp
    • EPSS Score: %0.35
    • Published: May. 22, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2013-1947

    kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb....

    Affected Products : ruby kelredd-pruview
    • EPSS Score: %1.29
    • Published: Apr. 25, 2013
    • Modified: Apr. 11, 2025
  • 9.3

    HIGH
    CVE-2019-2013

    In rw_t3t_act_handle_sro_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.P...

    Affected Products : android
    • EPSS Score: %0.14
    • Published: Jun. 19, 2019
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2020-9621

    Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution....

    • EPSS Score: %4.29
    • Published: Jun. 26, 2020
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2008-2683

    The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, a...

    Affected Products : barcode_sdk
    • EPSS Score: %79.40
    • Published: Jun. 12, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-2690

    Multiple PHP remote file inclusion vulnerabilities in BrowserCRM 5.002.00, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the bcrm_pub_root parameter to (1) kb.php, (2) login.php, (3) index.php, (4) con...

    Affected Products : browsercrm
    • EPSS Score: %1.19
    • Published: Jun. 13, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2018-18638

    A command injection vulnerability in the setup API in the Neato Botvac Connected 2.2.0 allows network attackers to execute arbitrary commands via shell metacharacters in the ntp field within JSON data to the /robot/initialize endpoint....

    • EPSS Score: %5.09
    • Published: Oct. 24, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-1999-0572

    .reg files are associated with the Windows NT registry editor (regedit), making the registry susceptible to Trojan Horse attacks....

    Affected Products : windows_2000 windows_nt
    • EPSS Score: %8.97
    • Published: Jan. 01, 1997
    • Modified: Apr. 03, 2025
  • 9.3

    HIGH
    CVE-2007-0879

    Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format. NOTE: the provenance of this information is unknown; the details are obtained solely ...

    Affected Products : pebrowse
    • EPSS Score: %4.14
    • Published: Feb. 12, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-1784

    The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus Notes Sametime before 7.5 allows remote attackers to load arbitrary DLL libraries and execute arbitrary code via arbitrary arguments to the loadLibrary function....

    • EPSS Score: %3.71
    • Published: Mar. 31, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2004-1875

    Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) ...

    Affected Products : cpanel
    • EPSS Score: %15.32
    • Published: Mar. 30, 2004
    • Modified: Apr. 03, 2025
  • 9.3

    HIGH
    CVE-2007-3924

    Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metac...

    Affected Products : internet_explorer navigator
    • EPSS Score: %7.82
    • Published: Jul. 21, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-5213

    Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS 2100 Network Camera 2.02 with firmware 2.43 and earlier allow remote attackers to perform actions as administrators, as demonstrated by (1) an SMTP server change through the conf_SMTP_...

    • EPSS Score: %0.75
    • Published: Oct. 04, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-5687

    Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 f...

    Affected Products : ichitaro ichitaro
    • EPSS Score: %17.53
    • Published: Oct. 28, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-6254

    Stack-based buffer overflow in the SAP Business Objects BusinessObjects RptViewerAX ActiveX control in RptViewerAX.dll in Business Objects 6.5 before CHF74 allows remote attackers to execute arbitrary code via unspecified vectors....

    Affected Products : businessobjects business_objects
    • EPSS Score: %20.11
    • Published: Mar. 20, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-6278

    Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file....

    Affected Products : libflac
    • EPSS Score: %1.14
    • Published: Dec. 07, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-3595

    PHP remote file inclusion vulnerability in examples/txtSQLAdmin/startup.php in txtSQL 2.2 Final allows remote attackers to execute arbitrary PHP code via a URL in the CFG[txtsql][class] parameter....

    Affected Products : txtsql
    • EPSS Score: %1.21
    • Published: Aug. 12, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-5696

    Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations....

    Affected Products : netware netware
    • EPSS Score: %2.49
    • Published: Dec. 19, 2008
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2008-0228

    Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators....

    Affected Products : wrt54gl_firmware wrt54gl
    • EPSS Score: %1.15
    • Published: Jan. 10, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 291812 Results