Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2009-1730

    Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command....

    Affected Products : netdecision_tftp_server
    • EPSS Score: %62.30
    • Published: May. 20, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-1473

    The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier fo...

    • EPSS Score: %1.06
    • Published: May. 27, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2003-1573

    The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequat...

    Affected Products : j2ee
    • EPSS Score: %3.44
    • Published: Jun. 01, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2004-2764

    Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to...

    Affected Products : jre sdk
    • EPSS Score: %1.07
    • Published: Jun. 02, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-6824

    The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access....

    Affected Products : wl54ap2 wl54ap3
    • EPSS Score: %2.66
    • Published: Jun. 04, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-6826

    dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages....

    Affected Products : ads_pro
    • EPSS Score: %5.15
    • Published: Jun. 08, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-1420

    Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when used with SNMP (aka HPOvNNM.HPOVSNMP) before 1.30.009 and MIB (aka HPOvNNM.HPOVMIB) before 1.30.009, allows remote attackers to execute arbitrary code or...

    • EPSS Score: %14.43
    • Published: Jun. 11, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-2038

    Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges....

    Affected Products : oscommerce finnish_bank_payment
    • EPSS Score: %0.47
    • Published: Jun. 12, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-6834

    Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads paramete...

    Affected Products : fuzzylime_\(cms\)
    • EPSS Score: %1.40
    • Published: Jun. 22, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-2300

    The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause ...

    Affected Products : airlock_web_application_firewall
    • EPSS Score: %1.71
    • Published: Jul. 02, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-2548

    Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in...

    Affected Products : arma arma_2
    • EPSS Score: %6.66
    • Published: Jul. 20, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-6935

    Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI....

    Affected Products : exodus
    • EPSS Score: %12.12
    • Published: Aug. 11, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-6937

    Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CV...

    Affected Products : exodus
    • EPSS Score: %3.56
    • Published: Aug. 11, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-1048

    The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make ar...

    • EPSS Score: %0.92
    • Published: Aug. 14, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-7010

    Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php....

    Affected Products : exchange_script
    • EPSS Score: %2.54
    • Published: Aug. 19, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-7122

    Multiple insecure method vulnerabilities in an ActiveX control in (epRegPro.ocx) in Evans Programming Registry Pro allow remote attackers to read and modify sensitive registry keys via the (1) About, (2) CreateKey, (3) DeleteBranch, (4) DeleteKey, (5) Del...

    Affected Products : registry_pro
    • EPSS Score: %0.82
    • Published: Aug. 31, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-7126

    Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port...

    Affected Products : visibroker
    • EPSS Score: %11.39
    • Published: Aug. 31, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-7149

    Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related to passwords....

    Affected Products : agilewiki
    • EPSS Score: %0.33
    • Published: Sep. 01, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-7158

    Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of...

    Affected Products : footprints
    • EPSS Score: %4.54
    • Published: Sep. 02, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-7174

    Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the get...

    • EPSS Score: %3.45
    • Published: Sep. 08, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 290954 Results