Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2002-2159

    Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote attackers to gain acc... Read more

    Affected Products : befsr41 befsr11 befsru31
    • EPSS Score: %0.93
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2010-0140

    Multiple unspecified vulnerabilities in the web server in Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before 6.0.639.3, and possibly 5 allow remote attackers to create (1) user or (2) administrator accounts via a crafted URL in a request to ... Read more

    Affected Products : unified_meetingplace
    • EPSS Score: %0.64
    • Published: Jan. 28, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2002-2257

    Stack-based buffer overflow in the parse_field function in cgi_lib.c for LIBCGI 1.0.2 and 1.0.3 allows remote attackers to execute arbitrary code via a long argument.... Read more

    Affected Products : libcgi
    • EPSS Score: %5.38
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2236

    Format string vulnerability in the awp_log function in apt-www-proxy 0.1 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : apt-www-proxy
    • EPSS Score: %3.35
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2021-43984

    mySCADA myPRO: Versions 8.20.0 and prior has a feature where the firmware can be updated, which may allow an attacker to inject arbitrary operating system commands through a specific parameter.... Read more

    Affected Products : mypro
    • EPSS Score: %0.28
    • Published: Dec. 23, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2002-2248

    Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class implementation in Netscape 4.0 allows remote attackers to execute arbitrary code via an applet that calls the WDefaultFontCharset constructor with a long string and invokes the canConve... Read more

    Affected Products : communicator
    • EPSS Score: %4.87
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2011-1568

    Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and p... Read more

    Affected Products : igss
    • EPSS Score: %51.08
    • Published: Apr. 05, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-7292

    Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.... Read more

    Affected Products : fire_os
    • EPSS Score: %0.41
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2008-2832

    Unrestricted file upload vulnerability in calendar_admin.asp in Full Revolution aspWebCalendar 2008 allows remote attackers to upload and execute arbitrary code via the FILE1 parameter in an uploadfileprocess action, probably followed by a direct request ... Read more

    Affected Products : aspwebcalendar2008
    • EPSS Score: %6.29
    • Published: Jun. 24, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1910

    Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-524... Read more

    Affected Products : interbase
    • EPSS Score: %7.34
    • Published: Apr. 22, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-0604

    Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the StartLog method.... Read more

    Affected Products : reflection_ftp_client
    • EPSS Score: %10.68
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2010-3758

    Multiple stack-based buffer overflows in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allow remote attackers to execute arbitrary code via vectors involving the (1) AGI_S... Read more

    Affected Products : tivoli_storage_manager_fastback
    • EPSS Score: %35.41
    • Published: Oct. 05, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-0607

    Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.... Read more

    Affected Products : verastream_process_designer
    • EPSS Score: %6.84
    • Published: Jul. 24, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-18145

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework e... Read more

    • EPSS Score: %0.22
    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-1999-0048

    Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.... Read more

    Affected Products : aix asl_ux_4800 ews-ux_v up-ux_v netkit
    • EPSS Score: %1.28
    • Published: Jan. 27, 1997
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2008-0824

    Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors.... Read more

    Affected Products : caroline
    • EPSS Score: %0.40
    • Published: Feb. 19, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1465

    Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53.... Read more

    Affected Products : dproxy
    • EPSS Score: %26.15
    • Published: Mar. 24, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2010-2771

    solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet.... Read more

    Affected Products : soliddb
    • EPSS Score: %8.46
    • Published: Jul. 22, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-1948

    converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.... Read more

    Affected Products : ruby md2pdf
    • EPSS Score: %0.92
    • Published: Apr. 25, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-1999-0073

    Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.... Read more

    Affected Products : irix unix osf_1
    • EPSS Score: %0.26
    • Published: Oct. 13, 1995
    • Modified: Apr. 03, 2025
Showing 20 of 291358 Results