Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2017-14135

    enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the webadmin plugin for opendreambox 2.0.0 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the command parameter to the /script URI....

    Affected Products : opendreambox
    • Published: Sep. 04, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2016-6937

    Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service...

    • Published: Sep. 17, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2010-0138

    Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 and earlier on Windows, as distributed in CiscoWorks LAN Management Solution (LMS), allows remote attackers to execute arbitrary code via a malformed getProcessName CORBA Gener...

    • Published: Jan. 21, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2009-4178

    Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter....

    Affected Products : openview_network_node_manager
    • Published: Dec. 10, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-4124

    Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. ...

    Affected Products : ruby
    • Published: Dec. 11, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2016-6918

    Lexmark Markvision Enterprise (MVE) before 2.4.1 allows remote attackers to execute arbitrary commands by uploading files. (...

    Affected Products : markvision_enterprise
    • Published: Mar. 09, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-4012

    Multiple integer overflows in LibThai before 0.1.13 might allow context-dependent attackers to execute arbitrary code via long strings that trigger heap-based buffer overflows, related to (1) thbrk/thbrk.c and (2) thwbrk/thwbrk.c. NOTE: some of these det...

    Affected Products : libthai
    • Published: Jan. 19, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2009-3854

    Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors....

    Affected Products : tivoli_storage_manager
    • Published: Nov. 04, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-3710

    RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022....

    Affected Products : rios
    • Published: Oct. 16, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2016-6909

    Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before 4.1.11, 4.2.x before 4.2.13, and 4.3.x before 4.3.9 and FortiSwitch before 3.4.3 allows remote attackers to execute arbitrary code via a crafted HTTP request, aka EGREGIOUSBLUNDER....

    Affected Products : fortios fortiswitch
    • Published: Aug. 24, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2021-1834

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to execute arbitrary code with ker...

    Affected Products : macos mac_os_x
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-2853

    Wordpress before 2.8.3 allows remote attackers to gain privileges via a direct request to (1) admin-footer.php, (2) edit-category-form.php, (3) edit-form-advanced.php, (4) edit-form-comment.php, (5) edit-link-category-form.php, (6) edit-link-form.php, (7)...

    Affected Products : wordpress
    • Published: Aug. 18, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-2459

    Multiple unspecified vulnerabilities in mimeTeX, when downloaded before 20090713, have unknown impact and attack vectors related to the (1) \environ, (2) \input, and (3) \counter TeX directives....

    Affected Products : mimetex
    • Published: Jul. 14, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-1979

    Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained fro...

    Affected Products : database_server
    • Published: Oct. 22, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-1571

    Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls that attempt...

    Affected Products : firefox seamonkey
    • Published: Feb. 22, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2008-7251

    libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors....

    Affected Products : phpmyadmin
    • Published: Jan. 19, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2008-5340

    Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted JWS applications to gain privileges to access loc...

    Affected Products : jre sdk jdk
    • Published: Dec. 05, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-5052

    The AppendAttributeValue function in the JavaScript engine in Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 allows remote attackers to cause a denial of service (crash) via unknown vectors that trigg...

    Affected Products : firefox thunderbird seamonkey
    • Published: Nov. 13, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-4226

    Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document....

    Affected Products : libxml
    • Published: Nov. 25, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-3693

    Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMw...

    Affected Products : player server workstation ace
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 292770 Results