Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-3829

    displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise Server 2.2 (fixed in Centreon web 2.5.3) allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) session_id or (2) template_id parameter, related to the c... Read more

    Affected Products : centreon centreon_enterprise_server
    • EPSS Score: %86.20
    • Published: Oct. 23, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-35796

    Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 b... Read more

    • EPSS Score: %1.40
    • Published: Dec. 30, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-15965

    Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : coldfusion
    • EPSS Score: %40.11
    • Published: Sep. 25, 2018
    • Modified: May. 06, 2025

  • 10.0

    HIGH
    CVE-2014-3804

    The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_setup admin_ip, (4) sync_rserver, or (5) set_ossim_setup ... Read more

    • EPSS Score: %80.42
    • Published: Jun. 13, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2020-35713

    Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page.... Read more

    Affected Products : re6500_firmware re6500
    • EPSS Score: %91.81
    • Published: Dec. 26, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-3791

    Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 allows remote attackers to execute arbitrary code via a long string in a cookie UserID parameter to vfolder.ghp.... Read more

    Affected Products : easy_file_sharing_web_server
    • EPSS Score: %77.23
    • Published: May. 20, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-2882

    Unspecified vulnerability in the management GUI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 9.3-66.5 and 10.x before 10.1-122.17 has unspecified impact and vectors, related to certificate validation.... Read more

    • EPSS Score: %0.23
    • Published: May. 01, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-2734

    Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-20... Read more

    Affected Products : acrobat acrobat_reader
    • EPSS Score: %18.88
    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-35665

    An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation.... Read more

    Affected Products : terramaster_operating_system tos tos
    • EPSS Score: %89.37
    • Published: Dec. 23, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-0749

    The smartcard interaction in SPICE allows remote attackers to cause a denial of service (QEMU-KVM process crash) or possibly execute arbitrary code via vectors related to connecting to a guest VM, which triggers a heap-based buffer overflow.... Read more

    • EPSS Score: %20.47
    • Published: Jun. 09, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3177

    Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.... Read more

    Affected Products : chrome
    • EPSS Score: %7.76
    • Published: Aug. 27, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2011-0270

    Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name.... Read more

    Affected Products : openview_network_node_manager
    • EPSS Score: %46.02
    • Published: Jan. 13, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2020-35632

    Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker ca... Read more

    • EPSS Score: %0.22
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-35634

    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Sloop_of. A specially crafted... Read more

    • EPSS Score: %0.18
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-3188

    Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an e... Read more

    • EPSS Score: %3.58
    • Published: Oct. 08, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2020-35635

    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() store_sm_boundary_item() Sloop_of OOB read. A specially crafted malformed file can lead to an o... Read more

    • EPSS Score: %0.17
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-35633

    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malf... Read more

    • EPSS Score: %0.18
    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-35628

    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input ... Read more

    • EPSS Score: %0.59
    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-3692

    The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.... Read more

    Affected Products : cloudforms_3.1_management_engine
    • EPSS Score: %1.70
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-4495

    The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the email (-M switch) to qsub.... Read more

    Affected Products : torque_resource_manager
    • EPSS Score: %5.42
    • Published: Nov. 20, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 292518 Results