Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2008-4006

    Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.1.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.... Read more

    Affected Products : secure_backup
    • EPSS Score: %2.33
    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2016-6980

    Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4263.... Read more

    Affected Products : digital_editions
    • EPSS Score: %6.52
    • Published: Sep. 26, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-0500

    Adobe Shockwave Player before 12.0.9.149 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0501.... Read more

    Affected Products : shockwave_player
    • EPSS Score: %24.48
    • Published: Feb. 12, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-3559

    Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the prev... Read more

    Affected Products : jre sdk jdk
    • EPSS Score: %13.66
    • Published: Oct. 19, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2008-4562

    Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-... Read more

    Affected Products : openview_network_node_manager
    • EPSS Score: %5.57
    • Published: Feb. 08, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2018-5749

    install.php in Minecraft Servers List Lite before commit c1cd164 and Premium Minecraft Servers List before 2.0.4 does not sanitize input before saving database connection information in connect.php, which might allow remote attackers to execute arbitrary ... Read more

    • EPSS Score: %3.15
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-3742

    The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.... Read more

    Affected Products : kdebase
    • EPSS Score: %0.39
    • Published: Sep. 06, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2022-30105

    In Belkin N300 Firmware 1.00.08, the script located at /setting_hidden.asp, which is accessible before and after configuring the device, exhibits multiple remote command injection vulnerabilities. The following parameters in the [form name] form; [list vu... Read more

    Affected Products : n300 n300_firmware
    • EPSS Score: %3.58
    • Published: May. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-39615

    D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet an... Read more

    Affected Products : dsr-500n_firmware dsr-500n
    • EPSS Score: %2.20
    • Published: Aug. 23, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-5306

    GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default password of #bigguy for the root user, which has unspecified impact and attack vectors.... Read more

    • EPSS Score: %1.61
    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-4983

    The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.... Read more

    • EPSS Score: %92.69
    • Published: Sep. 10, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-0271

    The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "c... Read more

    Affected Products : openview_network_node_manager
    • EPSS Score: %26.60
    • Published: Jan. 13, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-4235

    Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.... Read more

    Affected Products : helix_server helix_mobile_server
    • EPSS Score: %4.35
    • Published: Apr. 04, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-0228

    Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request,... Read more

    Affected Products : windows_2000
    • EPSS Score: %41.21
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2011-0914

    Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading to a heap-based buffer overflow.... Read more

    Affected Products : lotus_domino
    • EPSS Score: %11.11
    • Published: Feb. 08, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2020-14606

    Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). Supported versions that are affected are 8.2 and 9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access v... Read more

    Affected Products : sd-wan_edge
    • EPSS Score: %2.04
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-20695

    A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, remote attacker to bypass authentication controls and log in to the device through the management interface This vulnerabil... Read more

    • EPSS Score: %0.25
    • Published: Apr. 15, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-49327

    Unrestricted Upload of File with Dangerous Type vulnerability in Asep Bagja Priandana Woostagram Connect allows Upload a Web Shell to a Web Server.This issue affects Woostagram Connect: from n/a through 1.0.2.... Read more

    Affected Products : woostagram_connect
    • Published: Oct. 20, 2024
    • Modified: Oct. 24, 2024

  • 10.0

    HIGH
    CVE-2006-0256

    Unspecified vulnerability in the Advanced Queuing component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.6, 10.1.0.3 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB01.... Read more

    Affected Products : database_server
    • EPSS Score: %1.14
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2024-8878

    The password recovery mechanism for the forgotten password in Riello Netman 204 allows an attacker to reset the admin password and take over control of the device.This issue affects Netman 204: through 4.05.... Read more

    Affected Products : netman_204_firmware netman_204
    • Published: Sep. 25, 2024
    • Modified: Sep. 30, 2024
Showing 20 of 291520 Results