Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2013-2345

    Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869.... Read more

    Affected Products : storage_data_protector
    • Published: Jan. 04, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2004-1019

    The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and ... Read more

    Affected Products : php ubuntu_linux secure_linux openpkg
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2017-12229

    A vulnerability in the REST API of the web-based user interface (web UI) of Cisco IOS XE 3.1 through 16.5 could allow an unauthenticated, remote attacker to bypass authentication to the REST API of the web UI of the affected software. The vulnerability is... Read more

    Affected Products : ios_xe
    • Published: Sep. 29, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2020-25787

    An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.... Read more

    Affected Products : tiny_tiny_rss
    • Published: Sep. 19, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2004-0507

    Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.... Read more

    Affected Products : ethereal propack
    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2013-1948

    converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.... Read more

    Affected Products : ruby md2pdf
    • Published: Apr. 25, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2016-8717

    An exploitable Use of Hard-coded Credentials vulnerability exists in the Moxa AWK-3131A Wireless Access Point running firmware 1.1. The device operating system contains an undocumented, privileged (root) account with hard-coded credentials, giving attacke... Read more

    Affected Products : awk-3131a_firmware awk-3131a
    • Published: Apr. 02, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-1902

    PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical inst... Read more

    Affected Products : postgresql
    • Published: Apr. 04, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2020-1472

    An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability coul... Read more

    • Actively Exploited
    • Published: Aug. 17, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-5257

    Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29 and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android 2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adob... Read more

    • Published: Oct. 09, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-1682

    Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans, a different vulnerabili... Read more

    Affected Products : jdk jre
    • Published: Aug. 30, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-1777

    The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute a... Read more

    • Published: Jul. 11, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-1705

    Heap-based buffer underflow in the cryptojs_interpret_key_gen_type function in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Certifica... Read more

    Affected Products : firefox seamonkey
    • Published: Aug. 07, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-0692

    The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to execute arbitrary code by connecting t... Read more

    • Published: Oct. 03, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-1702

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknow... Read more

    Affected Products : firefox seamonkey
    • Published: Aug. 07, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2024-23652

    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoin... Read more

    Affected Products : buildkit
    • Published: Jan. 31, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-0788

    The remoting module in Jenkins before 1.650 and LTS before 1.642.2 allows remote attackers to execute arbitrary code by opening a JRMP listener.... Read more

    Affected Products : openshift jenkins
    • Published: Apr. 07, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-1669

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 21.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.... Read more

    Affected Products : firefox
    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-0384

    The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code ... Read more

    • Published: Feb. 25, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-1680

    Use-after-free vulnerability in the nsFrameList::FirstChild function in Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allows remote attackers to execute arbitrary code or cau... Read more

    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 293564 Results