Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2020-35633

    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() store_sm_boundary_item() Edge_of.A specially crafted malf... Read more

    • Published: Aug. 30, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-35628

    A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input ... Read more

    • Published: Mar. 04, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-3692

    The customization template in Red Hat CloudForms 3.1 Management Engine (CFME) 5.3 uses a default password for the root account when a password is not specified for a new image, which allows remote attackers to gain privileges.... Read more

    Affected Products : cloudforms_3.1_management_engine
    • Published: Jan. 16, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-4495

    The send_the_mail function in server/svr_mail.c in Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 4.2.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the email (-M switch) to qsub.... Read more

    Affected Products : torque_resource_manager
    • Published: Nov. 20, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2020-35629

    Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker ca... Read more

    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-0282

    Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack... Read more

    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0935

    classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.... Read more

    Affected Products :
    • Published: Dec. 15, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0248

    The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.... Read more

    Affected Products : linux
    • Published: Apr. 24, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0187

    Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.... Read more

    Affected Products : wu-ftpd
    • Published: Mar. 26, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2014-3496

    cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a ca... Read more

    Affected Products : openshift openshift_origin
    • Published: Jun. 20, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2002-0391

    Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array throu... Read more

    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-5355

    Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote at... Read more

    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2000-0398

    Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request.... Read more

    Affected Products : mailsite
    • Published: May. 24, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-35462

    Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password.... Read more

    Affected Products : coscale_agent
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2004-0039

    Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbit... Read more

    Affected Products : firewall-1 vpn-1_firewall-1
    • Published: Mar. 03, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-35464

    Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password.... Read more

    Affected Products : cloud_agent
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2004-0393

    Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function.... Read more

    Affected Products : rlpr
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-35458

    An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to... Read more

    Affected Products : hawk
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-1748

    Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing... Read more

    Affected Products : windows_2000 windows_2003_server
    • Published: Apr. 13, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-35467

    The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.... Read more

    Affected Products : docs
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292803 Results