Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2007-4675

    Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom...

    • Published: Nov. 07, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4634

    Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the ...

    • Published: Aug. 31, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4515

    Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvC...

    Affected Products : messenger
    • Published: Aug. 31, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4467

    Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX control (beans.ocx) 1.1.8.16 and earlier, as used by Oracle Forms applications from Oracle and third parties, allow remote attackers to execute arbitrary code via unspecified "initiali...

    Affected Products : jinitiator
    • Published: Aug. 31, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4419

    Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin username, user id, and group id, to compose the OD3_AutoLogin authentication cookie, which makes it easier for remote attackers to guess the cookie and access the Admin area.

    Affected Products : olatedownload
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4420

    Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDown...

    Affected Products : office_viewer_component
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4396

    Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) l33tmusic.pl 2.00, (3) mpg123.pl 0.01, (4) ogg123.pl 0.01, (5) xmms.pl 2.0, (6) xmms2.pl 1.1.3, and (7) xmmsinfo.pl 1.1.1.1 scripts for irssi before 0.8.11 allow user-assisted remote attack...

    Affected Products : irssi
    • Published: Aug. 18, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4470

    Multiple stack-based buffer overflows in the Earth Resource Mapping NCSView ActiveX control before 3.4.0.242 in NCSView.dll, as distributed in ER Mapper ECW JPEG 2000 Plug-in before 8.1, allow remote attackers to execute arbitrary code via unspecified vec...

    • Published: Sep. 10, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4356

    Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) .htm...

    Affected Products : internet_explorer
    • Published: Aug. 15, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    CRITICAL
    CVE-2025-9242

    An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with...

    Affected Products : fireware_os
    • Published: Sep. 17, 2025
    • Modified: Sep. 17, 2025
    • Vuln Type: Memory Corruption
  • 9.3

    HIGH
    CVE-2007-4344

    Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build 108, Pro Photo Manager 8.1 build 99, and Photo Editor 4.0 build 195 allow user-assisted remote attackers to execute arbitrary code via a long section string in (1) a PSP image to the I...

    • Published: Nov. 15, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4235

    Multiple PHP remote file inclusion vulnerabilities in VietPHP allow remote attackers to execute arbitrary PHP code via a URL in (1) the dirpath parameter to (a) _functions.php, or (2) the language parameter to (b) admin/index.php or (c) index.php.

    Affected Products : vietphp
    • Published: Aug. 08, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4120

    Multiple PHP remote file inclusion vulnerabilities in Jelsoft vBulletin 3.6.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) classfile parameter to includes/functions.php, the (2) nextitem parameter to includes/functions_cron.ph...

    Affected Products : vbulletin
    • Published: Aug. 01, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4067

    Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the ...

    Affected Products : internet_activex_suite
    • Published: Jul. 30, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4009

    PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.

    Affected Products : confixx
    • Published: Jul. 26, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4007

    PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.

    Affected Products : article_directory
    • Published: Jul. 26, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-4013

    Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka Net6Launcher Class) 4.5.2 and earlier, (2) npCtxCAO.dll (aka Citrix Endpoint Analysis Client) in a Firefox plugin directory, and (3) a second npCtxCAO.dll (aka CCAOControl Object) before 4.5....

    • Published: Jul. 26, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-3935

    PHP remote file inclusion vulnerability in link_main.php in the SupaNav 1.0.0 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

    Affected Products : supanav
    • Published: Jul. 21, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-3944

    Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via cer...

    Affected Products : iphone_os safari webkit
    • Published: Jul. 23, 2007
    • Modified: Apr. 09, 2025
  • 9.3

    HIGH
    CVE-2007-3897

    Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, and Windows Mail for Vista, allows remote Network News Transfer Protocol (NNTP) servers to execute arbitrary code via long NNTP responses that trigger memory corruption.

    Affected Products : windows_mail outlook_express
    • Published: Oct. 09, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 294836 Results