Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2020-15434

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When par... Read more

    Affected Products : webpanel
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15429

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsin... Read more

    Affected Products : webpanel
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15422

    This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_mod_security.php. When... Read more

    Affected Products : webpanel
    • Published: Jul. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-0268

    Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter.... Read more

    Affected Products : openview_network_node_manager
    • Published: Jan. 13, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-5021

    Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed usi... Read more

    • Published: May. 08, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2015-8413

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler befor... Read more

    • Published: Dec. 10, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2011-0083

    Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem function in the implementation of SVG element lists in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to cause a denial of se... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Jun. 30, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-0058

    Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers constructi... Read more

    Affected Products : firefox seamonkey windows
    • Published: Mar. 02, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2020-28901

    Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Execution as root via vectors related to corrupt component installation in cmd_subsys.php.... Read more

    Affected Products : fusion
    • Published: May. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-0054

    Buffer overflow in the JavaScript engine in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via vectors involving non-local JavaScript variables, aka an "upvarMap" ... Read more

    Affected Products : firefox seamonkey
    • Published: Mar. 02, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-0085

    Use-after-free vulnerability in the nsXULCommandDispatcher function in Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via a crafted XUL document that dequeues the cu... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: Jun. 30, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-0072

    Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application ... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-0055

    Use-after-free vulnerability in the JSON.stringify method in js3250.dll in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, might allow remote attackers to execute arbitrary code via unspecified vectors related to the js... Read more

    Affected Products : firefox seamonkey
    • Published: Mar. 02, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-0069

    Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19, 3.6.x before 3.6.17, and 4.x before 4.0.1; Thunderbird before 3.1.10; and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corrupti... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-0079

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x before 4.0.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to gfx/laye... Read more

    Affected Products : firefox
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2010-5326

    The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 20... Read more

    • Actively Exploited
    • Published: May. 13, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2010-5324

    Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a zenworks-fileupload request with a crafted direc... Read more

    Affected Products : zenworks_configuration_management
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2011-0074

    Unspecified vulnerability in the browser engine in Mozilla Firefox 3.5.x before 3.5.19 and 3.6.x before 3.6.17, Thunderbird before 3.1.10, and SeaMonkey before 2.0.14 allows remote attackers to cause a denial of service (memory corruption and application ... Read more

    Affected Products : firefox thunderbird seamonkey
    • Published: May. 07, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-5290

    The authentication process in Adobe ColdFusion before 10 does not require knowledge of the cleartext password if the password hash is known, which makes it easier for context-dependent attackers to obtain administrative privileges by leveraging read acces... Read more

    Affected Products : coldfusion
    • Published: Sep. 20, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-5323

    Directory traversal vulnerability in UploadServlet in the Remote Management component in Novell ZENworks Configuration Management (ZCM) 10 before 10.3 allows remote attackers to execute arbitrary code via a crafted WAR pathname in the filename parameter i... Read more

    Affected Products : zenworks_configuration_management
    • Published: Jun. 07, 2015
    • Modified: Apr. 12, 2025
Showing 20 of 293298 Results