Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2015-4732

    Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CV... Read more

    Affected Products : jdk jre
    • Published: Jul. 16, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4716

    Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.... Read more

    Affected Products : owncloud windows owncloud_server
    • Published: Oct. 21, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2020-6770

    Deserialization of Untrusted Data in the BVMS Mobile Video Service (BVMS MVS) allows an unauthenticated remote attacker to execute arbitrary code on the system. This affects Bosch BVMS versions 10.0 <= 10.0.0.1225, 9.0 <= 9.0.0.827, 8.0 <= 8.0.0.329 and 7... Read more

    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-1615

    Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence tha... Read more

    Affected Products : clamav
    • Published: Apr. 06, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-1041

    Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges.... Read more

    Affected Products : ypbind
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0129

    Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request.... Read more

    Affected Products : tinyproxy
    • Published: Mar. 12, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2020-6779

    Use of Hard-coded Credentials in the database of Bosch FSM-2500 server and Bosch FSM-5000 server up to and including version 5.2 allows an unauthenticated remote attacker to log into the database with admin-privileges. This may result in complete compromi... Read more

    • Published: Jan. 26, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-4650

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.... Read more

    Affected Products : clearpass_policy_manager
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2020-6769

    Missing Authentication for Critical Function in the Bosch Video Streaming Gateway (VSG) allows an unauthenticated remote attacker to retrieve and set arbitrary configuration data of the Video Streaming Gateway. A successful attack can impact the confident... Read more

    • Published: Feb. 07, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-6235

    A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack ... Read more

    • Published: Dec. 07, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-1999-1376

    Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server Extensions allows remote attackers to execute arbitrary commands.... Read more

    Affected Products : internet_information_server
    • Published: Jan. 14, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0045

    The default permissions for the RAS Administration key in Windows NT 4.0 allows local users to execute arbitrary commands by changing the value to point to a malicious DLL, aka one of the "Registry Permissions" vulnerabilities.... Read more

    Affected Products : windows_nt
    • Published: Feb. 16, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2007-2508

    Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBindin... Read more

    Affected Products : serverprotect serverprotect
    • Published: May. 08, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2015-4602

    The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an une... Read more

    • Published: May. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2015-4603

    The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.... Read more

    • Published: May. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2002-1145

    The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updati... Read more

    Affected Products : sql_server sql_server data_engine
    • Published: Oct. 28, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0927

    Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.... Read more

    Affected Products : webapp
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0101

    miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a ses... Read more

    • Published: Mar. 03, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2529

    Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives."... Read more

    Affected Products : java
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2015-4486

    The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.... Read more

    • Published: Aug. 16, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293259 Results