Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2001-0191

    gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a ... Read more

    Affected Products : linux xemacs gnuserv
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0025

    ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.... Read more

    Affected Products : ad.cgi
    • Published: Feb. 12, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-1047

    Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command.... Read more

    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0623

    Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header.... Read more

    Affected Products : website_professional
    • Published: Jul. 17, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0222

    The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.... Read more

    Affected Products : windows_2000
    • Published: Feb. 15, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0488

    Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command.... Read more

    Affected Products : ithouse_mail_server
    • Published: May. 30, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0618

    The rexec service is running.... Read more

    Affected Products :
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2016-6147

    An unspecified interface in SAP TREX 7.10 Revision 63 allows remote attackers to execute arbitrary OS commands with SIDadm privileges via unspecified vectors, aka SAP Security Note 2234226.... Read more

    Affected Products : trex
    • Published: Aug. 05, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2016-6082

    IBM BigFix Platform could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free race condition. An attacker could exploit this vulnerability to execute arbitrary code on the system.... Read more

    Affected Products : bigfix_platform
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-5872

    In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-5743

    Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenP... Read more

    • Published: Jul. 22, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5791

    An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication.... Read more

    Affected Products : jtc-200_firmware jtc-200
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-5745

    F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2 allow remote attackers to modif... Read more

    Affected Products : big-ip_local_traffic_manager
    • Published: Oct. 05, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5678

    NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.... Read more

    Affected Products : nvrmini_2 nvrsolo
    • Published: Aug. 31, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5670

    Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via the web management interface.... Read more

    • Published: Aug. 03, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5636

    Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer ... Read more

    Affected Products : python
    • Published: Sep. 02, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-5411

    /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system.... Read more

    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-5179

    Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot.... Read more

    Affected Products : chrome_os
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-5071

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root.... Read more

    Affected Products : aleos_firmware gx_440
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-5066

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, sconsole, and user.... Read more

    Affected Products : aleos_firmware gx_440
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293284 Results