Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2018-1000825

    FreeCol version <= nightly-2018-08-22 contains a XML External Entity (XXE) vulnerability in FreeColXMLReader parser that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This attack appear to be exploitable via Freeco... Read more

    Affected Products : freecol
    • EPSS Score: %0.24
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2000-0141

    Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.... Read more

    Affected Products : ultimate_bulletin_board
    • EPSS Score: %2.47
    • Published: Feb. 11, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0175

    Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.... Read more

    Affected Products : staroffice
    • EPSS Score: %1.19
    • Published: Mar. 09, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0322

    The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.... Read more

    Affected Products : linux
    • EPSS Score: %77.77
    • Published: Apr. 24, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0343

    Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header.... Read more

    Affected Products : sniffit
    • EPSS Score: %7.25
    • Published: May. 02, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-3641

    Integer overflow may occur if atom size is less than atom offset as there is improper validation of atom size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrag... Read more

    • EPSS Score: %0.33
    • Published: Jun. 02, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-0270

    Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet.... Read more

    Affected Products : systemcastwizard_lite
    • EPSS Score: %15.57
    • Published: Jan. 26, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2000-1157

    Buffer overflow in NAI Sniffer Agent allows remote attackers to execute arbitrary commands via a long SNMP community name.... Read more

    Affected Products : sniffer_agent
    • EPSS Score: %2.33
    • Published: Jan. 09, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0277

    Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.... Read more

    Affected Products : badblue
    • EPSS Score: %5.27
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0499

    Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.... Read more

    Affected Products : database_server oracle8i
    • EPSS Score: %74.94
    • Published: Jul. 21, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-17064

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. An HTTP request parameter is used in command string construction within the handler function of the /goform/sylogapply route. This could lead to command injection via the syslogIp parameter af... Read more

    Affected Products : dir-816_a2_firmware dir-816_a2
    • EPSS Score: %14.54
    • Published: Sep. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-17065

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. Within the handler function of the /goform/DDNS route, a very long password could lead to a stack-based buffer overflow and overwrite the return address.... Read more

    Affected Products : dir-816_a2_firmware dir-816_a2
    • EPSS Score: %0.70
    • Published: Sep. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-17067

    An issue was discovered on D-Link DIR-816 A2 1.10 B05 devices. A very long password to /goform/formLogin could lead to a stack-based buffer overflow and overwrite the return address.... Read more

    Affected Products : dir-816_a2_firmware dir-816_a2
    • EPSS Score: %0.70
    • Published: Sep. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2003-0968

    Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute.... Read more

    Affected Products : freeradius
    • EPSS Score: %2.54
    • Published: Dec. 15, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2022-31125

    Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted... Read more

    Affected Products : roxy-wi
    • EPSS Score: %12.86
    • Published: Jul. 06, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-2639

    Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote attackers to read or modify arbitrary files outside the TFTP root via unspecified vectors.... Read more

    Affected Products : tftp_server_tftpdwin
    • EPSS Score: %3.22
    • Published: May. 13, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2001-1481

    Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.... Read more

    Affected Products : xitami
    • EPSS Score: %1.70
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2365

    Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the "|" (pipe) character.... Read more

    Affected Products : simple_wais
    • EPSS Score: %1.59
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2017-12478

    It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands ... Read more

    Affected Products : unitrends_backup
    • EPSS Score: %71.00
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2010-4597

    Stack-based buffer overflow in the save method in the IntegraXor.Project ActiveX control in igcomm.dll in Ecava IntegraXor Human-Machine Interface (HMI) before 3.5.3900.10 allows remote attackers to execute arbitrary code via a long string in the second a... Read more

    Affected Products : integraxor
    • EPSS Score: %43.40
    • Published: Dec. 23, 2010
    • Modified: Apr. 11, 2025
Showing 20 of 291589 Results