Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2019-1821

    A vulnerability in the web-based management interface of Cisco Prime Infrastructure (PI) and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute code with root-level privileges on the underlying operat... Read more

    • Published: May. 16, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-16926

    Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.... Read more

    Affected Products : ohcount
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2019-1723

    A vulnerability in the Cisco Common Services Platform Collector (CSPC) could allow an unauthenticated, remote attacker to access an affected device by using an account that has a default, static password. This account does not have administrator privilege... Read more

    • Published: Mar. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-1704

    Multiple buffer overflows in TIBCO Software Enterprise Message Service (EMS) before 4.4.3, and iProcess Engine 10.6.0 through 10.6.1, allow remote attackers to execute arbitrary code via a crafted message to the EMS server.... Read more

    • Published: Apr. 11, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1697

    Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topol... Read more

    Affected Products : openview_network_node_manager
    • Published: Apr. 08, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1681

    Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.... Read more

    Affected Products : db2_content_manager
    • Published: Apr. 04, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1690

    WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: s... Read more

    Affected Products : slmail_pro
    • Published: Apr. 07, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1668

    ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote att... Read more

    Affected Products : hp-ux
    • Published: Aug. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2005-4730

    Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds.... Read more

    Affected Products : text_password
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2008-1666

    Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, 9.1.01, 9.2, 9.2.0, 10g, and 10gR2 has unknown impact and attack vectors, possibly related to the July 2008 Oracle Critical Patch Update.... Read more

    Affected Products : oracle_for_openview
    • Published: Jul. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1661

    Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks Storage Mirroring (SWSM) before 4.5 SP2 allows remote attackers to execute arbitrary code via a crafted encoded authentication request.... Read more

    Affected Products : storageworks_storage_mirroring
    • Published: Jun. 04, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1662

    Unspecified vulnerability in the HP System Administration Manager (SAM) on HP-UX B.11.11 and B.11.23, when used to configure NFS, might allow remote attackers to read or modify arbitrary files, related to an "empty systems list."... Read more

    Affected Products : hp-ux system_administration_manager
    • Published: Aug. 01, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1633

    Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown impact and attack vectors, related to the use of (1) /tmp and (2) MINDI_CACHE.... Read more

    Affected Products : rescue
    • Published: Apr. 02, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2019-1620

    A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to upload arbitrary files on an affected device. The vulnerability is due to incorrect permission settings in... Read more

    • Published: Jun. 27, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-1673

    The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which a... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Jun. 10, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1602

    Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows remote attackers to execute arbitrary code via a long download URL, which is not properly handled during Unicode conversion for a balloon notification after a download has failed.... Read more

    Affected Products : orbit_downloader
    • Published: Apr. 06, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-1611

    Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.... Read more

    Affected Products : winagents_tftp_server
    • Published: Apr. 01, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2025-41656

    An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2025-34054

    An unauthenticated command injection vulnerability exists in AVTECH DVR devices via Search.cgi?action=cgi_query. The use of wget without input sanitization allows attackers to inject shell commands through the username or queryb64str parameters, executing... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection

  • 10.0

    CRITICAL
    CVE-2025-34060

    A PHP objection injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents(... Read more

    Affected Products :
    • Published: Jul. 01, 2025
    • Modified: Jul. 03, 2025
    • Vuln Type: Injection
Showing 20 of 292803 Results