Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2020-6779

    Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromi... Read more

    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-4650

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.... Read more

    Affected Products : clearpass_policy_manager
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2020-6769

    Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confident... Read more

    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-6235

    A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack ... Read more

    • Published: Dec. 07, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-1999-1376

    Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.... Read more

    Affected Products : internet_information_server
    • Published: Jan. 14, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0045

    The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.... Read more

    Affected Products : windows_nt
    • Published: Feb. 16, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2007-2508

    Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBindin... Read more

    Affected Products : serverprotect serverprotect
    • Published: May. 08, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2015-4602

    The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an une... Read more

    • Published: May. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4603

    The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.... Read more

    • Published: May. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2002-1145

    The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updati... Read more

    Affected Products : sql_server sql_server data_engine
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0927

    Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.... Read more

    Affected Products : webapp
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0101

    miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a ses... Read more

    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2529

    Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives."... Read more

    Affected Products : java
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2015-4486

    The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.... Read more

    • Published: Aug. 16, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4477

    Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API.... Read more

    Affected Products : firefox ubuntu_linux opensuse
    • Published: Aug. 16, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2008-4641

    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.... Read more

    Affected Products : jhead jhead
    • Published: Oct. 21, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-4834

    Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans re... Read more

    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2015-4430

    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler b... Read more

    • Published: Jul. 09, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2008-5316

    Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in Little cms color engine (aka lcms) before 1.16 allows attackers to have an unknown impact via vectors related to a length parameter inconsistency involving the contents of "the input f... Read more

    Affected Products : little_cms_color_engine lcms
    • Published: Dec. 03, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2015-4428

    Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler b... Read more

    • Published: Jul. 09, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 292801 Results