Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2010-0241

    The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary c...

    Affected Products : windows_server_2008 windows_vista
    • EPSS Score: %55.48
    • Published: Feb. 10, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0145

    Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors...

    • EPSS Score: %1.36
    • Published: Feb. 11, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0121

    The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vecto...

    • EPSS Score: %0.40
    • Published: Dec. 14, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-4174

    Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4175, and CVE-2012-5273....

    Affected Products : shockwave_player
    • EPSS Score: %5.24
    • Published: Oct. 23, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-14115

    A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code....

    Affected Products : ax3600_firmware ax3600
    • EPSS Score: %0.74
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-0055

    xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package....

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.65
    • Published: Mar. 30, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2007-5329

    Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption....

    • EPSS Score: %1.09
    • Published: Oct. 13, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-5156

    An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string....

    • EPSS Score: %6.88
    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-5154

    An issue was discovered on MOBOTIX S14 MX-V4.2.1.61 devices. There is a default password of meinsm for the admin account....

    Affected Products : s14_firmware s14
    • EPSS Score: %0.80
    • Published: Feb. 09, 2019
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-14070

    An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access....

    Affected Products : mk-auth
    • EPSS Score: %0.35
    • Published: Jun. 29, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2009-5143

    GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or depen...

    Affected Products : discovery_530c_firmware
    • EPSS Score: %0.57
    • Published: Aug. 04, 2015
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2009-5071

    Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors related to an "included contact template file."...

    Affected Products : palm_pre_webos
    • EPSS Score: %0.79
    • Published: Apr. 19, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2009-5074

    Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors....

    Affected Products : mojolicious
    • EPSS Score: %0.45
    • Published: May. 03, 2011
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2007-4584

    Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable....

    Affected Products : bitchx
    • EPSS Score: %4.63
    • Published: Aug. 29, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-4988

    Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000....

    Affected Products : business_one_2005-a
    • EPSS Score: %80.84
    • Published: Aug. 25, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    CRITICAL
    CVE-2024-11317

    Session Fixation vulnerabilities allow an attacker to fix a user's session identifier before login providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3...

    • Published: Dec. 05, 2024
    • Modified: Apr. 10, 2025
  • 10.0

    HIGH
    CVE-2013-0650

    Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and before 11.1.115.48 on Andr...

    • EPSS Score: %3.65
    • Published: Mar. 13, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2009-4873

    Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie....

    Affected Products : serv-u
    • EPSS Score: %22.30
    • Published: May. 26, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-0615

    Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-0606, CVE-2013-0612, CVE-2013-0617, and CV...

    Affected Products : acrobat acrobat_reader
    • EPSS Score: %18.04
    • Published: Jan. 10, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2011-2662

    Integer signedness error in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a negative BYWEEKNO property in a weekly RRULE variable in a VCALENDAR attachment in an e-mail message....

    Affected Products : groupwise
    • EPSS Score: %16.73
    • Published: Oct. 08, 2011
    • Modified: Apr. 11, 2025
Showing 20 of 292319 Results