Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2008-2192

    Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.... Read more

    Affected Products : itcms
    • Published: May. 14, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2019-20217

    D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishandled. The value of the urn: service/device is checked wit... Read more

    Affected Products : dir-859_firmware dir-859
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-0230

    Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.... Read more

    Affected Products : antivirus_scan_engine
    • Published: Apr. 25, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-0273

    Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01.... Read more

    Affected Products : application_server
    • Published: Jan. 18, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2021-32494

    Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service. ... Read more

    Affected Products : radare2
    • Published: Jul. 07, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-8178

    Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.... Read more

    Affected Products : jison
    • Published: Jul. 15, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-20215

    D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via a urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because HTTP_ST is mishandled. The value of the urn: service/device is checked with th... Read more

    Affected Products : dir-859_firmware dir-859
    • Published: Jan. 29, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-2161

    Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.... Read more

    Affected Products : all_windows tftp_server_sp
    • Published: May. 12, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-2158

    Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.... Read more

    Affected Products : alphastor alphastor
    • Published: May. 29, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-2157

    robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.... Read more

    Affected Products : alphastor alphastor
    • Published: May. 29, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2006-0697

    Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.... Read more

    Affected Products : zen_cart
    • Published: Feb. 15, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2008-2077

    Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view."... Read more

    Affected Products : webgui
    • Published: May. 05, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-2064

    Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems."... Read more

    Affected Products : phpgedview
    • Published: May. 02, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-2050

    Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.... Read more

    Affected Products : php
    • Published: May. 05, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2018-19990

    In the /HNAP1/SetWiFiVerifyAlpha message, the WPSPIN parameter is vulnerable, and the vulnerability affects D-Link DIR-822 B1 202KRb06 devices. In the SetWiFiVerifyAlpha.php source code, the WPSPIN parameter is saved in the $rphyinf1."/media/wps/enrollee/... Read more

    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-1989

    PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.... Read more

    Affected Products : e107 123_flash_chat_module
    • Published: Apr. 27, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2018-18439

    DENX U-Boot through 2018.09-rc1 has a remotely exploitable buffer overflow via a malicious TFTP server because TFTP traffic is mishandled. Also, local exploitation can occur via a crafted kernel image.... Read more

    Affected Products : u-boot
    • Published: Nov. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-1000832

    ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of confidential data, denial of service, SSRF, remote code execution.... Read more

    Affected Products : zoneminder
    • Published: Dec. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-1922

    Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file.... Read more

    Affected Products : squid_analysis_report_generator
    • Published: May. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1914

    Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained from t... Read more

    Affected Products : bigant_messenger
    • Published: Apr. 22, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 292803 Results