Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-1999-0935

    classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.... Read more

    Affected Products :
    • Published: Dec. 15, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0248

    The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.... Read more

    Affected Products : linux
    • Published: Apr. 24, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0187

    Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.... Read more

    Affected Products : wu-ftpd
    • Published: Mar. 26, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2014-3496

    cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 through 2.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a Source-Url ending with a (1) .tar.gz, (2) .zip, (3) .tgz, or (4) .tar file extension in a ca... Read more

    Affected Products : openshift openshift_origin
    • Published: Jun. 20, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2002-0391

    Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array throu... Read more

    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-5355

    Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote at... Read more

    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2000-0398

    Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request.... Read more

    Affected Products : mailsite
    • Published: May. 24, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-35462

    Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the CoScale agent container may allow a remote attacker to achieve root access with a blank password.... Read more

    Affected Products : coscale_agent
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2004-0039

    Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbit... Read more

    Affected Products : firewall-1 vpn-1_firewall-1
    • Published: Mar. 03, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-35464

    Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user. Systems deployed using affected versions of the Weave Cloud Agent container may allow a remote attacker to achieve root access with a blank password.... Read more

    Affected Products : cloud_agent
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2004-0393

    Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function.... Read more

    Affected Products : rlpr
    • Published: Dec. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-35458

    An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to... Read more

    Affected Products : hawk
    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-1748

    Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing... Read more

    Affected Products : windows_2000 windows_2003_server
    • Published: Apr. 13, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-35467

    The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achieve root access with a blank password.... Read more

    Affected Products : docs
    • Published: Dec. 15, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-3412

    Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when the firewall in disabled, allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    • Published: May. 20, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2014-3418

    config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.... Read more

    Affected Products : netmri
    • Published: Jul. 15, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2004-2284

    The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.... Read more

    Affected Products : open_webmail
    • Published: Dec. 31, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0467

    Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allows remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c.... Read more

    Affected Products : ecartis listar
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-35191

    The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user. System using the drupal docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root a... Read more

    Affected Products : drupal_docker_images
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-35195

    The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user. System using the haproxy docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root acc... Read more

    Affected Products : haproxy_docker_image
    • Published: Dec. 17, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 294470 Results