Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2013-1221

    The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, ...

    Affected Products : unified_customer_voice_portal
    • Published: May. 09, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2008-0348

    Multiple unspecified vulnerabilities in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.18, 8.48.15, and 8.49.07 have unknown impact and remote attack vectors, aka (1) PSE01, (2) PSE03, and (3) PSE04.

    • Published: Jan. 17, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2005-3267

    Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter val...

    Affected Products : skype skype
    • Published: Oct. 27, 2005
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2008-0067

    Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the Op...

    Affected Products : openview_network_node_manager
    • Published: Jan. 08, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-0122

    Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via ...

    Affected Products : freebsd bind
    • Published: Jan. 16, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-0247

    Heap-based buffer overflow in the Express Backup Server service (dsmsvc.exe) in IBM Tivoli Storage Manager (TSM) Express 5.3 before 5.3.7.3 allows remote attackers to execute arbitrary code via a packet with a large length value.

    Affected Products : tivoli_storage_manager_express
    • Published: Jan. 12, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2016-3657

    Buffer overflow in the GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, 6.0.x before 6.0.13, 6.1.x before 6.1.10, and 7.0.x before 7.0.5 allows remote attackers to cause a denial of service (device crash) or possibly execute arbitrary code...

    Affected Products : pan-os
    • Published: Apr. 12, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2020-24634

    An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility C...

    Affected Products : arubaos sd-wan 9004 9004-lte 9012 7005 7008 7010 7024 7030 +5 more products
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-24652

    An addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).

    Affected Products : intelligent_management_center
    • Published: Oct. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-24639

    There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host ope...

    Affected Products : airwave_glass
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-24633

    There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers ...

    Affected Products : arubaos sd-wan 9004 9004-lte 9012 7005 7008 7010 7024 7030 +5 more products
    • Published: Dec. 11, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2013-10066

    An unauthenticated arbitrary file upload vulnerability exists in Kordil EDMS v2.2.60rc3. The application exposes an upload endpoint (users_add.php) that allows attackers to upload files to the /userpictures/ directory without authentication. This flaw ena...

    • Published: Aug. 05, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Authentication
  • 10.0

    HIGH
    CVE-2013-1083

    Unspecified vulnerability in the login functionality in the Reporting Module in Novell Identity Manager (aka IDM) Roles Based Provisioning Module 4.0.2 before Field Patch C has unknown impact and attack vectors.

    • Published: Mar. 29, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-24640

    There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host o...

    Affected Products : airwave_glass
    • Published: Jan. 15, 2021
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2013-10040

    ClipBucket version 2.6 and earlier contains a critical vulnerability in the ofc_upload_image.php script located at /admin_area/charts/ofc-library/. This endpoint allows unauthenticated users to upload arbitrary files, including executable PHP scripts. Onc...

    • Published: Jul. 31, 2025
    • Modified: Jul. 31, 2025
    • Vuln Type: Authentication
  • 10.0

    HIGH
    CVE-2013-1080

    The web server in Novell ZENworks Configuration Management (ZCM) 10.3 and 11.2 before 11.2.4 does not properly perform authentication for zenworks/jsp/index.jsp, which allows remote attackers to conduct directory traversal attacks, and consequently upload...

    Affected Products : zenworks_configuration_management
    • Published: Mar. 29, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2016-6973

    Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service...

    • Published: Oct. 13, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-1842

    The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.

    Affected Products : openstack
    • Published: Apr. 10, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2016-7854

    Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service...

    • Published: Oct. 21, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2015-2740

    Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspeci...

    • Published: Jul. 06, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293259 Results