Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    CRITICAL
    CVE-2020-12271

    A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020. This affected devices configured with either the administration (HTTPS) service or the User Portal ...

    Affected Products : sfos xg_firewall
    • Actively Exploited
    • EPSS Score: %83.19
    • Published: Apr. 27, 2020
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2008-4397

    Directory traversal vulnerability in the RPC interface (asdbapi.dll) in CA ARCserve Backup (formerly BrightStor ARCserve Backup) r11.1 through r12.0 allows remote attackers to execute arbitrary commands via a .. (dot dot) in an RPC call with opnum 0x10A....

    • EPSS Score: %85.82
    • Published: Oct. 14, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2020-12389

    The Firefox content processes did not sufficiently lock down access control, which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8 and Firefox < 76....

    Affected Products : firefox firefox_esr windows
    • EPSS Score: %0.56
    • Published: May. 26, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-4390

    The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 sends cleartext configuration data in response to a Setup Wizard remote-management command, which allows remote attackers to obtain sensitive information such as passwords by sniffing th...

    • EPSS Score: %3.84
    • Published: Dec. 09, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-12125

    A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication....

    Affected Products : wn530h4_firmware wn530h4
    • EPSS Score: %5.94
    • Published: Oct. 02, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2008-4383

    Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 ...

    Affected Products : aos omniswitch
    • EPSS Score: %27.07
    • Published: Oct. 03, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-11975

    Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process....

    Affected Products : unomi
    • EPSS Score: %82.71
    • Published: Jun. 05, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-2547

    Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling....

    Affected Products : sapdba
    • EPSS Score: %1.52
    • Published: May. 23, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2008-4358

    Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP Edition before 2.0.8.1 has unknown impact and attack vectors, probably related to directory traversal sequences in the theme name....

    Affected Products : spaw_php
    • EPSS Score: %0.85
    • Published: Sep. 30, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-2430

    IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges....

    Affected Products : websphere_application_server
    • EPSS Score: %2.07
    • Published: May. 17, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2020-11854

    Arbitrary code execution vulnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products Operation Bridge Manager, Operation Bridge (containerized) and Appli...

    • EPSS Score: %91.28
    • Published: Oct. 27, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-11831

    OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1....

    Affected Products : ovoicemanager
    • EPSS Score: %0.36
    • Published: Nov. 19, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2020-11856

    Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR....

    Affected Products : operation_bridge_reporter
    • EPSS Score: %3.53
    • Published: Sep. 22, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-2324

    180solutions Zango downloads "required Adware components" without checking integrity or authenticity, which might allow context-dependent attackers to execute arbitrary code by subverting the DNS resolution of static.zangocash.com....

    Affected Products : zango
    • EPSS Score: %0.63
    • Published: May. 12, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2016-7002

    Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service...

    • EPSS Score: %5.96
    • Published: Oct. 13, 2016
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2008-4318

    Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php....

    Affected Products : observer
    • EPSS Score: %4.74
    • Published: Sep. 29, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-4301

    A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In ad...

    Affected Products : internet_information_services
    • EPSS Score: %31.09
    • Published: Sep. 29, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-11698

    An issue was discovered in Titan SpamTitan 7.07. Improper input sanitization of the parameter community on the page snmp-x.php would allow a remote attacker to inject commands into the file snmpd.conf that would allow executing commands on the target serv...

    Affected Products : spamtitan
    • EPSS Score: %83.12
    • Published: Sep. 17, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2006-2077

    Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact and attack vectors. NOTE: this issue might be related to the OUSPG PROTOS DNS test suite....

    Affected Products : pdnsd
    • EPSS Score: %2.05
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025
  • 10.0

    HIGH
    CVE-2006-2074

    Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS "client code," as demonstrated by the OUSPG PROTOS DNS test suite....

    Affected Products : junose
    • EPSS Score: %1.29
    • Published: Apr. 27, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 292495 Results