Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-4151

    The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows remote attackers to create arbitrary files and execute arbitrary code via a crafted set_file request.... Read more

    • EPSS Score: %11.38
    • Published: Jun. 18, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2009-1636

    Multiple buffer overflows in the Internet Agent (aka GWIA) component in Novell GroupWise 7.x before 7.03 HP3 and 8.x before 8.0 HP2 allow remote attackers to execute arbitrary code via (1) a crafted e-mail address in an SMTP session or (2) an SMTP command... Read more

    Affected Products : groupwise
    • EPSS Score: %68.14
    • Published: May. 26, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-4073

    Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via vectors involving Internet Explorer, aka ".NET ClickOnce... Read more

    Affected Products : .net_framework
    • EPSS Score: %29.99
    • Published: Oct. 15, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2007-0062

    Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, AC... Read more

    • EPSS Score: %5.40
    • Published: Sep. 21, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-1537

    Use-after-free vulnerability in the mozilla::dom::workers::WorkerPrivateParent function in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.... Read more

    Affected Products : firefox
    • EPSS Score: %1.51
    • Published: Jun. 11, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2009-4212

    Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly exec... Read more

    Affected Products : kerberos_5 kerberos
    • EPSS Score: %20.91
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-2815

    The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private... Read more

    Affected Products : internet_information_services iis
    • EPSS Score: %56.43
    • Published: May. 22, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-35851

    HGiga MailSherlock does not validate specific parameters properly. Attackers can use the vulnerability to launch Command inject attacks remotely and execute arbitrary commands of the system.... Read more

    • EPSS Score: %0.77
    • Published: Dec. 31, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2003-0522

    Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 allow remote attackers to (1) gain access to the admin control panel via the idadmin parameter to login.asp or (2) gain other privileges via the Email parameter to Custva.asp.... Read more

    Affected Products : productcart
    • EPSS Score: %0.46
    • Published: Aug. 18, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0528

    Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed RPC request with a long filename parameter, a different vulnerability than CVE-200... Read more

    • EPSS Score: %67.37
    • Published: Sep. 17, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2013-2473

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and a... Read more

    Affected Products : jdk jre jre jdk
    • EPSS Score: %27.32
    • Published: Jun. 18, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-3327

    Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on Windows and Mac OS X, before 10.3.183.86 and 11.x before 11.2.202.285 on Linux, before 11.1.111.54 on Android 2.x and 3.x, and before 11.1.115.58 on Android 4.x; Adobe AIR before 3.7.0.... Read more

    • EPSS Score: %4.00
    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2008-2041

    Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.... Read more

    Affected Products : egroupware
    • EPSS Score: %0.53
    • Published: Apr. 30, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2014-3984

    Multiple unspecified vulnerabilities in Libav before 0.8.12 allow remote attackers to have unknown impact and vectors.... Read more

    Affected Products : libav
    • EPSS Score: %10.16
    • Published: Jun. 06, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3914

    Directory traversal vulnerability in the Admin Center for Tivoli Storage Manager (TSM) in Rocket ServerGraph 1.2 allows remote attackers to (1) create arbitrary files via a .. (dot dot) in the query parameter in a writeDataFile action to the fileRequestor... Read more

    Affected Products : rocket_servergraph
    • EPSS Score: %81.11
    • Published: Aug. 07, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-0457

    Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.... Read more

    • EPSS Score: %10.87
    • Published: Apr. 16, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2012-5965

    Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code vi... Read more

    Affected Products : portable_sdk_for_upnp
    • EPSS Score: %69.49
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-2523

    net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers... Read more

    Affected Products : linux_kernel ubuntu_linux
    • EPSS Score: %3.56
    • Published: Mar. 24, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-0294

    Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerability."... Read more

    • EPSS Score: %27.21
    • Published: Feb. 12, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2014-3829

    displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the c... Read more

    Affected Products : centreon centreon_enterprise_server
    • EPSS Score: %86.20
    • Published: Oct. 23, 2014
    • Modified: Apr. 12, 2025
Showing 20 of 292425 Results