Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2004-0311

    American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access.... Read more

    Affected Products : ap9606
    • EPSS Score: %1.28
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-2368

    Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the HandleS4Conne... Read more

    Affected Products : socks_5
    • EPSS Score: %14.23
    • Published: Dec. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1369

    jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.... Read more

    Affected Products : mac_os_x linux cups
    • EPSS Score: %9.97
    • Published: Dec. 26, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1357

    Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH prot... Read more

    • EPSS Score: %18.47
    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0191

    gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a ... Read more

    Affected Products : linux xemacs gnuserv
    • EPSS Score: %1.19
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0025

    ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.... Read more

    Affected Products : ad.cgi
    • EPSS Score: %4.62
    • Published: Feb. 12, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-1047

    Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command.... Read more

    • EPSS Score: %2.80
    • Published: Dec. 11, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0623

    Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header.... Read more

    Affected Products : website_professional
    • EPSS Score: %3.54
    • Published: Jul. 17, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0222

    The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.... Read more

    Affected Products : windows_2000
    • EPSS Score: %39.35
    • Published: Feb. 15, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0488

    Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command.... Read more

    Affected Products : ithouse_mail_server
    • EPSS Score: %2.38
    • Published: May. 30, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0618

    The rexec service is running.... Read more

    Affected Products :
    • EPSS Score: %0.48
    • Published: Jan. 01, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2025-54253

    Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation... Read more

    • Published: Aug. 05, 2025
    • Modified: Aug. 13, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    CRITICAL
    CVE-2023-2825

    An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least... Read more

    Affected Products : gitlab
    • EPSS Score: %93.16
    • Published: May. 26, 2023
    • Modified: Jan. 15, 2025

  • 10.0

    HIGH
    CVE-2022-31800

    An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.... Read more

    • EPSS Score: %1.98
    • Published: Jun. 21, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2022-27625

    A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified ... Read more

    • EPSS Score: %1.46
    • Published: Oct. 20, 2022
    • Modified: Jan. 14, 2025

  • 10.0

    HIGH
    CVE-2022-24292

    Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution.... Read more

    • EPSS Score: %8.52
    • Published: Mar. 23, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2022-2274

    The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will h... Read more

    • EPSS Score: %56.50
    • Published: Jul. 01, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-44515

    Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code execution on the server, as exploited in the wild in December 2021. For Enterprise builds 10.1.2127.17 and earlier, upgrade to 10.1.2127.18. For Enterprise bu... Read more

    Affected Products : manageengine_desktop_central
    • Actively Exploited
    • EPSS Score: %94.31
    • Published: Dec. 12, 2021
    • Modified: Mar. 14, 2025

  • 10.0

    CRITICAL
    CVE-2021-4140

    It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox ESR < 91.5, Firefox < 96, and Thunderbird < 91.5.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • EPSS Score: %0.05
    • Published: Dec. 22, 2022
    • Modified: Apr. 16, 2025

  • 10.0

    CRITICAL
    CVE-2021-38503

    The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < ... Read more

    • EPSS Score: %1.39
    • Published: Dec. 08, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 291275 Results