Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2007-4120

    Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.ph... Read more

    Affected Products : vbulletin
    • Published: Aug. 01, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4067

    Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the ... Read more

    Affected Products : internet_activex_suite
    • Published: Jul. 30, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4009

    PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.... Read more

    Affected Products : confixx
    • Published: Jul. 26, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4007

    PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.... Read more

    Affected Products : article_directory
    • Published: Jul. 26, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-4013

    Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5.... Read more

    • Published: Jul. 26, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3935

    PHP remote file inclusion vulnerability in link_main.php in the SupaNav 1.0.0 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.... Read more

    Affected Products : supanav
    • Published: Jul. 21, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3944

    Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via cer... Read more

    Affected Products : iphone_os safari webkit
    • Published: Jul. 23, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3897

    Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.... Read more

    Affected Products : windows_mail outlook_express
    • Published: Oct. 09, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-6263

    The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, when certain modifications to support SSL have been introduced, calls fclose on an uninitialized file stream, which allows remote attackers to cause a denial of service (daemon crash) and ... Read more

    Affected Products : netkit_ftp
    • Published: Dec. 06, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3831

    PHP remote file inclusion in main.php in ISS Proventia Network IPS GX5108 1.3 and GX5008 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.... Read more

    • Published: Jul. 17, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3826

    Microsoft Internet Explorer 7 on Windows XP SP2 allows remote attackers to prevent users from leaving a site, spoof the address bar, and conduct phishing and other attacks via repeated document.open function calls after a user requests a new page, but bef... Read more

    Affected Products : internet_explorer windows_xp
    • Published: Jul. 17, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3829

    Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attr... Read more

    Affected Products : cineplayer interactual_player
    • Published: Jul. 17, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3786

    Cross-site request forgery (CSRF) vulnerability on the eSoft InstaGate EX2 UTM device before firmware 3.1.20070615 allows remote attackers to perform privileged actions as administrators. NOTE: the vendor disputes the distribution of the vulnerable softw... Read more

    Affected Products : instagate_ex2_utm
    • Published: Jul. 15, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    CRITICAL
    CVE-2024-44256

    The issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.7.1, macOS Sonoma 14.7.1. An app may be able to break out of its sandbox.... Read more

    Affected Products : macos
    • Published: Oct. 28, 2024
    • Modified: Dec. 12, 2024

  • 9.3

    HIGH
    CVE-2007-3899

    Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."... Read more

    Affected Products : office word
    • Published: Oct. 09, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3737

    Mozilla Firefox before 2.0.0.5 allows remote attackers to execute arbitrary code with chrome privileges by calling an event handler from an unspecified "element outside of a document."... Read more

    Affected Products : firefox
    • Published: Jul. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3699

    The Decomposer component in multiple Symantec products allows remote attackers to cause a denial of service (infinite loop) via a certain value in the PACK_SIZE field of a RAR archive file header.... Read more

    • Published: Oct. 05, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3825

    Multiple stack-based buffer overflows in the RPC implementation in alert.exe before 8.0.255.0 in CA (formerly Computer Associates) Alert Notification Server, as used in Threat Manager for the Enterprise, Protection Suites, certain BrightStor ARCserve prod... Read more

    • Published: Jul. 18, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3618

    Stack-based buffer overflow in the NetWorker Remote Exec Service (nsrexecd.exe) in EMC Software NetWorker 7.x.x allows remote attackers to execute arbitrary code via a (1) poll or (2) kill request with a "long invalid subcmd."... Read more

    Affected Products : legato_networker
    • Published: Aug. 21, 2007
    • Modified: Apr. 09, 2025

  • 9.3

    HIGH
    CVE-2007-3611

    admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not require authentication, which allows remote attackers to perform certain administrative actions via a direct request with a (1) edit, (2) add, (3) config, or (4) del value in the act par... Read more

    Affected Products : vrnews
    • Published: Jul. 06, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 294740 Results