Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2007-4962

    Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged for code execution... Read more

    Affected Products : winimage
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-55746

    Directus is a real-time API and App dashboard for managing SQL database content. From 10.8.0 to before 11.9.3, a vulnerability exists in the file update mechanism which allows an unauthenticated actor to modify existing files with arbitrary contents (with... Read more

    Affected Products : directus
    • Published: Aug. 20, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Misconfiguration

  • 9.3

    HIGH
    CVE-2019-0756

    A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka 'MS XML Remote Code Execution Vulnerability'.... Read more

    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-4943

    Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-48... Read more

    Affected Products : storm
    • Published: Sep. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4909

    Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL... Read more

    Affected Products : winscp
    • Published: Sep. 17, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2025-27493

    A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions < V6.4.9), SiPass integrated ACC-AP (All versions < V6.4.9). Affected devices improperly sanitize user input for specific commands on the telnet command line interface.... Read more

    • Published: Mar. 11, 2025
    • Modified: Aug. 22, 2025
    • Vuln Type: Injection

  • 9.3

    HIGH
    CVE-2007-4842

    Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writ... Read more

    Affected Products : magellan_explorer
    • Published: Sep. 12, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2019-0748

    A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'.... Read more

    Affected Products : office
    • Published: Apr. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2007-4776

    Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there a... Read more

    Affected Products : visual_basic
    • Published: Sep. 10, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4740

    The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method.... Read more

    Affected Products : alice_messenger
    • Published: Sep. 06, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4735

    Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.... Read more

    Affected Products : virtual_dj_\(vdj\)
    • Published: Sep. 06, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4675

    Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom... Read more

    • Published: Nov. 07, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4634

    Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the ... Read more

    • Published: Aug. 31, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4515

    Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvC... Read more

    Affected Products : messenger
    • Published: Aug. 31, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4467

    Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initiali... Read more

    Affected Products : jinitiator
    • Published: Aug. 31, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4419

    Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.... Read more

    Affected Products : olatedownload
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4420

    Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDown... Read more

    Affected Products : office_viewer_component
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4396

    Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attack... Read more

    Affected Products : irssi
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4470

    Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vec... Read more

    • Published: Sep. 10, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4356

    Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .htm... Read more

    Affected Products : internet_explorer
    • Published: Aug. 15, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 294796 Results