Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2020-14244

    A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code...

    Affected Products : domino
    • Published: Dec. 14, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-0447

    The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP doc...

    Affected Products : openview_performance_insight
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0418

    The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request....

    Affected Products : chumby_one chumby_classic
    • Published: Mar. 10, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0445

    Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, 8.12, and 8.13 allows remote attackers to execute arbitrary commands via unknown vectors....

    Affected Products : network_node_manager
    • Published: Feb. 11, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0360

    Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, relate...

    Affected Products : java_system_web_server
    • Published: Jan. 20, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2013-2735

    Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-20...

    Affected Products : acrobat acrobat_reader
    • Published: May. 16, 2013
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0359

    Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in an invalid Client Hello message....

    Affected Products : zeus_web_server
    • Published: Jan. 20, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0284

    Directory traversal vulnerability in the getEntry method in the PortalModuleInstallManager component in a servlet in nps.jar in the Administration Console (aka Access Management Console) in Novell Access Manager 3.1 before 3.1.2-281 on Windows allows remo...

    Affected Products : windows access_manager
    • Published: Jun. 18, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0269

    The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote ...

    • Published: Apr. 14, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0240

    The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows...

    Affected Products : windows_server_2008 windows_vista
    • Published: Feb. 10, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0358

    Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 FP1 allows remote attackers to cause a denial of service (daemon exit) and possibly have unspecified other impact via a long string in a crafted LDAP message to a TCP port, a different...

    Affected Products : lotus_domino
    • Published: Jan. 20, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0231

    The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy...

    • Published: Feb. 10, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0241

    The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary c...

    Affected Products : windows_server_2008 windows_vista
    • Published: Feb. 10, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0145

    Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors...

    • Published: Feb. 11, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2010-0121

    The cook codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 does not properly perform initialization, which has unspecified impact and attack vecto...

    • Published: Dec. 14, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2012-4174

    Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2012-4172, CVE-2012-4173, CVE-2012-4175, and CVE-2012-5273....

    Affected Products : shockwave_player
    • Published: Oct. 23, 2012
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2020-14115

    A command injection vulnerability exists in the Xiaomi Router AX3600. The vulnerability is caused by a lack of inspection for incoming data detection. Attackers can exploit this vulnerability to execute code....

    Affected Products : ax3600_firmware ax3600
    • Published: Mar. 10, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2010-0055

    xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package....

    Affected Products : mac_os_x mac_os_x_server
    • Published: Mar. 30, 2010
    • Modified: Apr. 11, 2025
  • 10.0

    HIGH
    CVE-2007-5329

    Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp v9.01 through R11.5, and Enterprise Backup r10.5, has unknown impact and attack vectors related to memory corruption....

    • Published: Oct. 13, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-5156

    An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string....

    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293192 Results