Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2020-29583

    Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or w... Read more

    • Actively Exploited
    • Published: Dec. 22, 2020
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2013-2343

    Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510.... Read more

    • Published: Jul. 02, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-2278

    Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to log messages and the "internal l... Read more

    Affected Products : warftpd
    • Published: Apr. 01, 2014
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-2330

    Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638.... Read more

    Affected Products : storage_data_protector
    • Published: Jun. 06, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-1682

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote attackers to cause a denial of service (memory corrup... Read more

    • Published: Jun. 26, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-2250

    Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, rel... Read more

    Affected Products : ofbiz open_for_business_project
    • Published: Aug. 15, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-4151

    Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-... Read more

    Affected Products : mac_os_x acrobat acrobat_reader windows
    • Published: Aug. 15, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2017-6326

    The Symantec Messaging Gateway can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process.... Read more

    Affected Products : messaging_gateway message_gateway
    • Published: Jun. 26, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2012-0468

    The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors re... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Apr. 25, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-25226

    A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a... Read more

    • Published: Jan. 12, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-2345

    Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869.... Read more

    Affected Products : storage_data_protector
    • Published: Jan. 04, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2004-1019

    The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and ... Read more

    Affected Products : php ubuntu_linux secure_linux openpkg
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2017-12229

    A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is... Read more

    Affected Products : ios_xe
    • Published: Sep. 29, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2020-25787

    An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.... Read more

    Affected Products : tiny_tiny_rss
    • Published: Sep. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2004-0507

    Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.... Read more

    Affected Products : ethereal propack
    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2013-1948

    converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.... Read more

    Affected Products : ruby md2pdf
    • Published: Apr. 25, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2016-8717

    An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attacke... Read more

    Affected Products : awk-3131a_firmware awk-3131a
    • Published: Apr. 02, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-1902

    PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical inst... Read more

    Affected Products : postgresql
    • Published: Apr. 04, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2020-1472

    An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability coul... Read more

    • Actively Exploited
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-5257

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adob... Read more

    • Published: Oct. 09, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 293354 Results