Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2007-4416

    captcha.php in BellaBook (aka BellaBuffs) allows remote attackers to obtain administrative privileges by sending the admin's username (admin_name) in a pheap_login cookie. NOTE: the vendor disputes this vulnerability because authentication data is derive...

    Affected Products : bellabook
    • EPSS Score: %0.74
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-4490

    Multiple buffer overflows in EarthAgent.exe in Trend Micro ServerProtect 5.58 for Windows before Security Patch 4 allow remote attackers to have an unknown impact via certain RPC function calls to (1) RPCFN_EVENTBACK_DoHotFix or (2) CMD_CHANGE_AGENT_REGIS...

    Affected Products : serverprotect serverprotect
    • EPSS Score: %0.94
    • Published: Aug. 22, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-4493

    eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop modul...

    Affected Products : ez_publish
    • EPSS Score: %0.55
    • Published: Aug. 23, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-4747

    The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and ear...

    • EPSS Score: %2.53
    • Published: Sep. 06, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-4758

    Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors....

    • EPSS Score: %3.69
    • Published: Sep. 08, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-4910

    Unspecified vulnerability in netInvoicing before 2.7.3 has unknown impact and attack vectors, related to "security check soap"....

    Affected Products : netinvoicing
    • EPSS Score: %0.40
    • Published: Sep. 17, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-4983

    Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument ...

    Affected Products : jetaudio jetaudio
    • EPSS Score: %18.26
    • Published: Sep. 19, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-5019

    Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method....

    Affected Products : jre sdk java_web_start
    • EPSS Score: %4.05
    • Published: Sep. 20, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-5070

    Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX control in emprint.DLL 6.0.1.0 in the Quiksoft EasyMail MessagePrinter Object allows remote attackers to execute arbitrary code via a long string in the first argument to the SetFont method....

    Affected Products : easymail_messageprinter_object
    • EPSS Score: %5.58
    • Published: Sep. 24, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-3208

    CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE: this can be leveraged to exec...

    Affected Products : yabb
    • EPSS Score: %17.12
    • Published: Jun. 14, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-10948

    Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted r...

    Affected Products : alienform2
    • EPSS Score: %18.07
    • Published: Apr. 01, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-5364

    Directory traversal vulnerability in payments/ideal_process.php in the iDEAL transaction handler in ViArt Shopping Cart allows remote attackers to have an unknown impact via directory traversal sequences in the filename parameter to the createCertFingerpr...

    Affected Products : shopping_cart
    • EPSS Score: %0.37
    • Published: Oct. 11, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-5382

    The conversion utility for converting CiscoWorks Wireless LAN Solution Engine (WLSE) 4.1.91.0 and earlier to Cisco Wireless Control System (WCS) creates administrator accounts with default usernames and passwords, which allows remote attackers to gain pri...

    • EPSS Score: %2.37
    • Published: Oct. 12, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-5419

    The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the rout...

    Affected Products : 3crwe554g72t
    • EPSS Score: %0.77
    • Published: Oct. 12, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-5467

    Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before bei...

    Affected Products : extremail
    • EPSS Score: %17.98
    • Published: Oct. 15, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-5528

    Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 have unknown impact and attack vectors related to (1) Public Sector Human Resources (APP03) and (2) Quoting component (APP06)....

    Affected Products : e-business_suite
    • EPSS Score: %1.12
    • Published: Oct. 17, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-5535

    Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors....

    Affected Products : runcms
    • EPSS Score: %0.39
    • Published: Oct. 18, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-5635

    Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors....

    Affected Products : support_incident_tracker
    • EPSS Score: %0.46
    • Published: Oct. 23, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-5717

    Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) on x86 before firmware 2.70 allows remote attackers to execute arbitrary commands as root on the Service Processor (SP) via unspecified vectors, a different vul...

    • EPSS Score: %4.53
    • Published: Oct. 30, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-5941

    Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method....

    Affected Products : shockwave_player
    • EPSS Score: %23.14
    • Published: Nov. 14, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 290958 Results