Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2001-0414

    Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.... Read more

    Affected Products : ntpd xntp3
    • Published: Jun. 18, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2011-2523

    vsftpd 2.3.4 downloaded between 20110630 and 20110703 contains a backdoor which opens a shell on port 6200/tcp.... Read more

    Affected Products : debian_linux vsftpd
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-4571

    Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors... Read more

    Affected Products : thunderbird seamonkey
    • Published: Sep. 15, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2011-2628

    Opera before 11.11 does not properly implement FRAMESET elements, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to page unload.... Read more

    Affected Products : opera_browser
    • Published: Jul. 01, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-17383

    A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, an... Read more

    Affected Products : z\/ip_one_firmware z\/ip_one
    • Published: Jan. 24, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-1999-0011

    Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.... Read more

    Affected Products : aix sunos bind netbsd linux unixware openserver open_desktop unix asl_ux_4800 +1 more products
    • Published: Apr. 08, 1998
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-1999-0498

    TFTP is not running in a restricted directory, allowing a remote attacker to access sensitive information such as password files.... Read more

    Affected Products :
    • Published: Sep. 27, 1991
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-0943

    Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.... Read more

    Affected Products : openlink
    • Published: Oct. 15, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0287

    The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter.... Read more

    Affected Products : technology_bizdb
    • Published: Apr. 12, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2011-2475

    Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server and DMZ Proxy in Sybase OneBridge Mobile Data Suite 5.5 and 5.6 allows remote attackers to execute arbitrary code via format string spe... Read more

    Affected Products : onebridge_mobile_data_suite
    • Published: Jun. 09, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-2451

    Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory ... Read more

    • Published: Nov. 11, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2004-0354

    Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in... Read more

    Affected Products : anubis
    • Published: Nov. 23, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2011-2453

    Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on Windows, Mac OS X, Linux, and Solaris and before 11.1.102.59 on Android, and Adobe AIR before 3.1.0.4880, allows attackers to execute arbitrary code or cause a denial of service (memory ... Read more

    • Published: Nov. 11, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2004-0523

    Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.... Read more

    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-0541

    Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).... Read more

    Affected Products : squid_web_proxy_cache
    • Published: Aug. 06, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2011-2446

    The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2448.... Read more

    Affected Products : shockwave_player
    • Published: Nov. 08, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2004-1012

    The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increme... Read more

    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2011-2448

    The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2446.... Read more

    Affected Products : shockwave_player
    • Published: Nov. 08, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-2447

    Adobe Shockwave Player before 11.6.3.633 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.... Read more

    Affected Products : shockwave_player
    • Published: Nov. 08, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2004-0987

    Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : yard_radius yard_radius
    • Published: Jan. 10, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292803 Results