Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2003-0731

    CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows the guest user to gain administrative privileges via a certain POST request to com.cisco.nm.cmf.servlet.CsAuthServlet, possibly involving the "cmd" parameter with a modifyUser value and ... Read more

    • EPSS Score: %0.38
    • Published: Oct. 20, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2011-2288

    Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) in SysFW 8.1.0.a and earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows remote attackers to affect confidentiality, integrity, and availability,... Read more

    • EPSS Score: %2.18
    • Published: Jul. 21, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-0545

    EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : unisphere
    • EPSS Score: %4.70
    • Published: Jun. 29, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2011-3135

    Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors.... Read more

    • EPSS Score: %0.52
    • Published: Aug. 12, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-15431

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsin... Read more

    Affected Products : webpanel
    • EPSS Score: %2.07
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-4039

    A command injection vulnerability in the web interface of the Zyxel NWA-1100-NH firmware could allow an attacker to execute arbitrary OS commands on the device.... Read more

    Affected Products : nwa1100-nh_firmware nwa1100-nh
    • EPSS Score: %80.64
    • Published: Mar. 01, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2002-1854

    Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain name field.... Read more

    Affected Products : rlaj_whois
    • EPSS Score: %2.32
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2008-4138

    PHP remote file inclusion vulnerability in skin_shop/standard/3_plugin_twindow/twindow_notice.php in TECHNOTE 7 allows remote attackers to execute arbitrary PHP code via a URL in the shop_this_skin_path parameter.... Read more

    Affected Products : technote
    • EPSS Score: %3.80
    • Published: Sep. 24, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2019-17509

    D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary OS commands as root by leveraging admin access and sending a /HNAP1/ request for SetMasterWLanSettings with shell metacharacters to /squashfs-root/www/HNAP1/control/Se... Read more

    Affected Products : dir-846_firmware dir-846
    • EPSS Score: %6.20
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-1778

    PHP remote file inclusion vulnerability in db/mysql.php in the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.... Read more

    Affected Products : eve-nuke_forum
    • EPSS Score: %1.75
    • Published: Mar. 30, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2024-23614

    A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root. ... Read more

    Affected Products : symantec_messaging_gateway
    • EPSS Score: %2.13
    • Published: Jan. 26, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-7246

    D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.... Read more

    Affected Products : dvg-n5402sp_firmware dvg-n5402sp
    • EPSS Score: %33.10
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2001-1220

    D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.... Read more

    Affected Products : dwl-1000ap
    • EPSS Score: %0.81
    • Published: Dec. 21, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2014-0603

    The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to cause a denial of service (memory corruption) and execute arbitrary code via vectors related to the (1) GetGlobalSettings or (2) GetSiteProperti... Read more

    Affected Products : reflection_ftp_client
    • EPSS Score: %11.38
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-18139

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415... Read more

    • EPSS Score: %0.23
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-3057

    The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response ha... Read more

    Affected Products : fortios fortigate
    • EPSS Score: %1.88
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2010-2978

    Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does not use an adequate message-digest algorithm for a self-signed certificate, which allows remote attackers to bypass intended access restrictions via vectors involving collisions, aka B... Read more

    • EPSS Score: %0.27
    • Published: Aug. 10, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2015-7919

    SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.... Read more

    Affected Products : searchblox
    • EPSS Score: %0.57
    • Published: Dec. 21, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-1999-0097

    The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).... Read more

    Affected Products : aix solaris hp-ux sunos
    • EPSS Score: %1.25
    • Published: Oct. 29, 1997
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0101

    Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.... Read more

    Affected Products : aix
    • EPSS Score: %3.25
    • Published: Dec. 10, 1996
    • Modified: Apr. 03, 2025
Showing 20 of 291275 Results