Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2005-1015

    Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.... Read more

    Affected Products : imapd
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-10789

    openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.... Read more

    Affected Products : openitcockpit
    • Published: Mar. 25, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2012-4176

    Array index error in Adobe Shockwave Player before 11.6.8.638 allows attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : shockwave_player
    • Published: Oct. 23, 2012
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-9933

    Various Lexmark products have a Buffer Overflow (issue 3 of 3).... Read more

    • Published: Aug. 28, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-4690

    lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx is configured as a URL handler, allows remote attackers to execute arbitrary commands via a crafted lynxcgi: URL, a related issue to CVE-2005-2929. NOTE: this might only be a vulnerabil... Read more

    Affected Products : lynx
    • Published: Oct. 22, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2019-9884

    eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to bypass the password validation and access management page.... Read more

    Affected Products : eclass_ip
    • Published: Jul. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-0636

    Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the USER command.... Read more

    Affected Products : foxmail_email_server
    • Published: Mar. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0684

    Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV fu... Read more

    Affected Products : maxdb
    • Published: Apr. 25, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2019-9901

    Envoy 1.9.0 and before does not normalize HTTP URL paths. A remote attacker may craft a relative path, e.g., something/../admin, to bypass access control, e.g., a block on /admin. A backend server could then interpret the non-normalized path and provide a... Read more

    Affected Products : envoy
    • Published: Apr. 25, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-11134

    Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated in Snapdragon Auto, Snapdragon Compute, Snapdragon... Read more

    • Published: Jun. 09, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-0551

    Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provid... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0520

    ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut (.LNK) files in the SITE COPY command, a different vulnerability than CVE-2005-0519.... Read more

    Affected Products : ftp_server
    • Published: Feb. 23, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-11138

    Uninitialized pointers accessed during music play back with incorrect bit stream due to an uninitialized heap memory result in instability in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,... Read more

    Affected Products : apq8009 apq8009w apq8017 apq8030 apq8037 apq8052 apq8053 apq8056 apq8062 apq8064 +481 more products
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-0353

    Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093.... Read more

    Affected Products : sentinel_license_manager
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2008-4023

    Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."... Read more

    Affected Products : windows_2000
    • Published: Oct. 15, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2021-22941

    Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.... Read more

    Affected Products : sharefile_storagezones_controller
    • Actively Exploited
    • Published: Sep. 23, 2021
    • Modified: Mar. 13, 2025

  • 10.0

    CRITICAL
    CVE-2019-9548

    Citrix Application Delivery Management (ADM) 12.1.x before 12.1.50.33 has Incorrect Access Control.... Read more

    Affected Products : application_delivery_management
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-0065

    The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it easier for attack... Read more

    Affected Products : tcp
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0050

    The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and po... Read more

    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2004-2764

    Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to... Read more

    Affected Products : jre sdk
    • Published: Jun. 02, 2009
    • Modified: Apr. 09, 2025
Showing 20 of 293284 Results