Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2020-29390

    Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character.... Read more

    Affected Products : zeroshell
    • EPSS Score: %87.95
    • Published: Nov. 30, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-4454

    Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availabi... Read more

    Affected Products : jre sdk jdk
    • EPSS Score: %7.41
    • Published: Feb. 17, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-4033

    Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors.... Read more

    Affected Products : wordpress zingiri_web_shop
    • EPSS Score: %1.40
    • Published: Jul. 18, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-6361

    QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : qts
    • EPSS Score: %90.51
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2020-21224

    A Remote Code Execution vulnerability has been found in Inspur ClusterEngine V4.0. A remote attacker can send a malicious login packet to the control server... Read more

    Affected Products : clusterengine
    • EPSS Score: %92.14
    • Published: Feb. 22, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-3966

    Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a neg... Read more

    • EPSS Score: %3.66
    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-3970

    Use-after-free vulnerability in the nsTArray_base::Length function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attackers to execute ar... Read more

    • EPSS Score: %2.74
    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-3958

    Use-after-free vulnerability in the nsHTMLEditRules::DeleteNonTableElements function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allows remote attac... Read more

    • EPSS Score: %2.13
    • Published: Aug. 29, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-3797

    Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in Pro-face Pro-Server EX 1.30.000 and earlier, does not properly check packet sizes before reusing packet memory buffers, which allows remote attackers to cause a denial of service (heap memo... Read more

    Affected Products : pro-server_ex wingp_pc_runtime
    • EPSS Score: %49.20
    • Published: Jun. 25, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2005-3344

    The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.... Read more

    Affected Products : horde
    • EPSS Score: %10.15
    • Published: Nov. 16, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2011-0065

    Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.... Read more

    Affected Products : firefox seamonkey
    • EPSS Score: %83.26
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-0073

    Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, does not properly use nsTreeRange data structures, which allows remote attackers to execute arbitrary code via unspecified vectors that lead to a "dangling pointer."... Read more

    Affected Products : firefox seamonkey
    • EPSS Score: %81.16
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-0077

    Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application ... Read more

    Affected Products : firefox thunderbird seamonkey
    • EPSS Score: %3.13
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2015-6788

    The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service... Read more

    Affected Products : chrome
    • EPSS Score: %4.25
    • Published: Dec. 14, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2007-6693

    Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."... Read more

    Affected Products : gallery_webcam_module
    • EPSS Score: %0.63
    • Published: Jan. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2012-3576

    Unrestricted file upload vulnerability in php/upload.php in the wpStoreCart plugin before 2.5.30 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to th... Read more

    Affected Products : wordpress wpstorecart
    • EPSS Score: %48.71
    • Published: Jun. 16, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-3561

    Opera before 11.64 does not properly allocate memory for URL strings, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted string.... Read more

    Affected Products : opera_browser
    • EPSS Score: %10.22
    • Published: Jun. 14, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2012-3506

    Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.... Read more

    Affected Products : ofbiz open_for_business_project
    • EPSS Score: %4.16
    • Published: Oct. 25, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2005-2541

    Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.... Read more

    Affected Products : tar
    • EPSS Score: %3.25
    • Published: Aug. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2012-3416

    Condor before 7.8.2 allows remote attackers to bypass host-based authentication and execute actions such as ALLOW_ADMINISTRATOR or ALLOW_WRITE by connecting from a system with a spoofed reverse DNS hostname.... Read more

    Affected Products : condor
    • EPSS Score: %1.88
    • Published: Aug. 25, 2012
    • Modified: Apr. 11, 2025
Showing 20 of 292495 Results