Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2012-6693

    GE Healthcare Centricity PACS 4.0 Server has a default password of (1) nasro for the nasro (ReadOnly) user and (2) nasrw for the nasrw (Read/Write) user, which has unspecified impact and attack vectors.... Read more

    Affected Products : centricity_pacs_server
    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2012-6593

    Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows remote attackers to execute arbitrary commands via unspecified vectors, aka Ref ID 30088.... Read more

    Affected Products : pan-os
    • Published: Aug. 31, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-6552

    Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors.... Read more

    Affected Products : phpvms
    • Published: May. 10, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-6603

    The web management UI in Palo Alto Networks PAN-OS before 3.1.12, 4.0.x before 4.0.10, and 4.1.x before 4.1.4 allows remote attackers to bypass authentication and obtain administrator privileges via unspecified vectors, aka Ref ID 37034.... Read more

    Affected Products : pan-os
    • Published: Aug. 31, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-1138

    The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is ... Read more

    Affected Products : windows_2000
    • Published: Jun. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2012-6503

    Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.... Read more

    Affected Products : joomla\! com_ninjaxplorer
    • Published: Jan. 24, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-1555

    Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter.... Read more

    Affected Products : openview_network_node_manager
    • Published: May. 13, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-6428

    The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.... Read more

    • Published: Dec. 23, 2012
    • Modified: Jul. 01, 2025

  • 10.0

    HIGH
    CVE-2016-2324

    Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.... Read more

    • Published: Apr. 08, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2012-6299

    Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12.5 before SP15, and r12.6 GA allows remote attackers to bypass intended access restrictions via unknown vectors.... Read more

    Affected Products : identityminder
    • Published: Dec. 26, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-6275

    Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request.... Read more

    Affected Products : bigant_im_message_server
    • Published: Feb. 24, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-2329

    Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637.... Read more

    Affected Products : storage_data_protector
    • Published: Jun. 06, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-22724

    A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1.... Read more

    • Published: Oct. 14, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-3074

    Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.... Read more

    Affected Products : firefox
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2012-6068

    The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener ... Read more

    Affected Products : codesys_runtime_system
    • Published: Jan. 21, 2013
    • Modified: Jul. 02, 2025

  • 10.0

    HIGH
    CVE-2018-12798

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.... Read more

    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-6067

    freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to bypass authentication via a crafted SFTP session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.... Read more

    Affected Products : freeftpd
    • Published: Dec. 04, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-5973

    CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote attackers to execute arbitrary commands via a crafted request.... Read more

    Affected Products : xcom_data_transport
    • Published: Dec. 10, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2024-23109

    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 throu... Read more

    Affected Products : fortisiem
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-5962

    Stack-based buffer overflow in the unique_service_name function in ssdp/ssdp_server.c in the SSDP parser in the portable SDK for UPnP Devices (aka libupnp, formerly the Intel SDK for UPnP devices) 1.3.1 allows remote attackers to execute arbitrary code vi... Read more

    Affected Products : portable_sdk_for_upnp
    • Published: Jan. 31, 2013
    • Modified: Apr. 11, 2025
Showing 20 of 292774 Results