Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2010-5307

    The HIPAA configuration interface in GE Healthcare Optima MR360 has a password of (1) operator for the root account, (2) adw2.0 for the admin account, and (3) adw2.0 for the sdc account, which has unspecified impact and attack vectors. NOTE: it is not cl... Read more

    Affected Products : optima_mr360_firmware
    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2010-5286

    Directory traversal vulnerability in Jstore (com_jstore) component for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.... Read more

    Affected Products : joomla\! com_jstore
    • Published: Nov. 26, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2013-5034

    Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033.... Read more

    Affected Products : atmail
    • Published: Jan. 12, 2014
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2017-3061

    Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2019-7025

    Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code executi... Read more

    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-15188

    SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Code Execution (RCE). The allows remote attackers to execute any arbitrary code when the inquiry form feature is enabled by the service. The vulnerability is caused by unserializing the f... Read more

    Affected Products : soy_cms soy_cms
    • Published: Sep. 18, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8481

    For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, ... Read more

    • Published: Apr. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-3079

    The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.... Read more

    • Published: May. 01, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2005-0491

    Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.... Read more

    Affected Products : arkeia_server_backup
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2008-3496

    Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.... Read more

    Affected Products : linux_kernel
    • Published: Aug. 06, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2010-1550

    Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter.... Read more

    Affected Products : openview_network_node_manager
    • Published: May. 13, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    CRITICAL
    CVE-2020-15148

    Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application calls `unserialize()` on arbitrary user input. This is fixed in version 2.0.38. A possible workaround without upgrading is available in the linked advisor... Read more

    Affected Products : yii
    • Published: Sep. 15, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2010-4953

    Unspecified vulnerability in the JW Calendar (jw_calendar) extension 1.3.20 and earlier for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : typo3 jw_calendar
    • Published: Oct. 09, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-4931

    Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party... Read more

    Affected Products : php-fusion
    • Published: Oct. 09, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2016-6948

    Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service... Read more

    • Published: Oct. 13, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2010-4773

    Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D... Read more

    • Published: Mar. 23, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-4803

    Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.... Read more

    Affected Products : mojolicious
    • Published: May. 03, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-3545

    Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidential... Read more

    Affected Products : jrockit jre jdk
    • Published: Oct. 19, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2011-4525

    Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors.... Read more

    Affected Products : advantech_webaccess
    • Published: Feb. 21, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2010-4713

    Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-Type header.... Read more

    Affected Products : groupwise
    • Published: Jan. 31, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 293298 Results