Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2020-7141

    An adddevicetoview expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

    Affected Products : intelligent_management_center
    • EPSS Score: 2.83%
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-0359

    Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message.

    Affected Products : zeus_web_server
    • EPSS Score: 38.04%
    • Published: Jan. 20, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-7170

    A select expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

    Affected Products : intelligent_management_center
    • EPSS Score: 2.83%
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-6490

    Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote at...

    • EPSS Score: 32.65%
    • Published: Feb. 22, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-6539

    Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) long username or a (b) crafted packet to the FindBasicAu...

    Affected Products : winamp_web_interface
    • EPSS Score: 17.62%
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2020-7388

    Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation pa...

    Affected Products : x3 adxadmin x3_hr_\&_payroll
    • EPSS Score: 75.46%
    • Published: Jul. 22, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-15181

    The Alfresco Reset Password add-on before version 1.2.0 relies on untrusted inputs in a security decision. Intruders can get admin's access to the system using the vulnerability in the project. Impacts all servers where this add-on is installed. The probl...

    Affected Products : reset_password
    • EPSS Score: 0.23%
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-15188

    SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). This allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the f...

    Affected Products : soy_cms soy_cms
    • EPSS Score: 5.46%
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-1517

    The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to (1) download arbitrary programs onto a client system, and execute these programs, via vectors involving the dl method; and (2) download arbitrary programs onto a client system via v...

    Affected Products : dldrv2_activex_control
    • EPSS Score: 1.20%
    • Published: Aug. 02, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2018-13314

    System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ipAddr" POST parameter.

    Affected Products : a3002ru_firmware a3002ru
    • EPSS Score: 15.30%
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-4615

    Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.

    Affected Products : portalapp
    • EPSS Score: 0.34%
    • Published: Oct. 20, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-13316

    System command injection in formAliasIp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "subnet" POST parameter.

    Affected Products : a3002ru_firmware a3002ru
    • EPSS Score: 15.30%
    • Published: Nov. 27, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-0344

    Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) ...

    Affected Products : fire_x2100_m2 fire_x2200_m2
    • EPSS Score: 2.30%
    • Published: Jan. 29, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2018-16144

    The test connection functionality in the NetAudit section of Opsview Monitor before 5.3.1 and 5.4.x before 5.4.2 is vulnerable to command injection due to improper sanitization of the rancid_password parameter.

    Affected Products : opsview
    • EPSS Score: 25.38%
    • Published: Sep. 05, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-1394

    Direct static code injection vulnerability in startsession.php in Flat Chat 2.0 allows remote attackers to execute arbitrary PHP code via the Chat Name field, which is inserted into online.txt and included by users.php. NOTE: some of these details are ob...

    Affected Products : flat_chat
    • EPSS Score: 8.94%
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2021-40119

    A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across install...

    Affected Products : policy_suite
    • EPSS Score: 4.36%
    • Published: Nov. 04, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-3509

    Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scheduler.

    Affected Products : solaris
    • EPSS Score: 2.18%
    • Published: Oct. 14, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2007-1579

    Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote attackers to have an unknown impact via a certain SUBSCRIBE command.

    Affected Products : mercur_messaging_2005 mercur_imapd
    • EPSS Score: 34.26%
    • Published: Mar. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1621

    PHP remote file inclusion vulnerability in templates/head.php in Active PHP Bookmark Notes (APB) 0.2.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the APB_SETTINGS[template_path] parameter. NOTE: this issue might be rel...

    Affected Products : active_php_bookmark_notes
    • EPSS Score: 1.75%
    • Published: Mar. 23, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2017-17968

    A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.

    Affected Products : nettransport_download_manager
    • EPSS Score: 54.59%
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291274 Results