Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2002-2374

    Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."

    Affected Products : patchpro
    • EPSS Score: 0.15%
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2020-2320

    Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads.

    Affected Products : installation_manager_tool
    • EPSS Score: 0.48%
    • Published: Dec. 03, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-1000116

    Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.

    • EPSS Score: 1.13%
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2015-6015

    Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-201...

    • EPSS Score: 19.92%
    • Published: Jan. 22, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-2650

    Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface...

    • EPSS Score: 5.27%
    • Published: Jan. 09, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2014-2624

    Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2264.

    Affected Products : network_node_manager_i
    • EPSS Score: 77.36%
    • Published: Sep. 11, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-2617

    Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104.

    • EPSS Score: 41.20%
    • Published: Jul. 07, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-2623

    Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.

    Affected Products : storage_data_protector
    • EPSS Score: 89.84%
    • Published: Jul. 18, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-2609

    The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116.

    Affected Products : executive_scorecard
    • EPSS Score: 26.17%
    • Published: Jun. 19, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    CRITICAL
    CVE-2017-12542

    An authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.

    • EPSS Score: 94.18%
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2016-1063

    Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service...

    • EPSS Score: 5.72%
    • Published: May 11, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-1088

    Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service...

    • EPSS Score: 5.11%
    • Published: May 11, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-1095

    Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service...

    • EPSS Score: 5.72%
    • Published: May 11, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2014-2363

    Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.

    Affected Products : itemiser_3
    • EPSS Score: 0.62%
    • Published: Jul. 26, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2009-2412

    Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via v...

    Affected Products : portable_runtime apr-util
    • EPSS Score: 5.56%
    • Published: Aug. 06, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-2662

    The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to the TraceRecorder::snapshot function in js/sr...

    Affected Products : firefox
    • EPSS Score: 7.48%
    • Published: Aug. 04, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2011-1018

    logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in a log file name, as demonstrated via a crafted username to a Samba server.

    Affected Products : logwatch
    • EPSS Score: 22.71%
    • Published: Feb. 25, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2009-2694

    The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corr...

    Affected Products : pidgin adium
    • EPSS Score: 34.58%
    • Published: Aug. 21, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-29575

    The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root...

    Affected Products : elixir_alpine_docker_image
    • EPSS Score: 2.07%
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-29580

    The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.

    Affected Products : storm_docker_image
    • EPSS Score: 2.07%
    • Published: Dec. 08, 2020
    • Modified: Nov. 21, 2024
Showing 20 of 292485 Results