Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2008-0768

    Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code ... Read more

    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-3023

    unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.... Read more

    Affected Products : clamav clamav
    • Published: Jun. 07, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0748

    Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging metho... Read more

    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2025-48748

    Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.... Read more

    Affected Products : directory_manager
    • Published: May. 29, 2025
    • Modified: Jun. 23, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    HIGH
    CVE-2008-0735

    SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.... Read more

    Affected Products : auracms
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0741

    Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors.... Read more

    Affected Products : websphere_application_server
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0725

    Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the U... Read more

    Affected Products : ftp_server
    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2025-5623

    A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer over... Read more

    Affected Products : dir-816_firmware dir-816
    • Published: Jun. 05, 2025
    • Modified: Jun. 06, 2025
    • Vuln Type: Memory Corruption

  • 10.0

    HIGH
    CVE-2008-0704

    Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspec... Read more

    • Published: Mar. 28, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2019-19606

    X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets. This could be used to execute arbitrary commands o... Read more

    Affected Products : x-plane
    • Published: Mar. 30, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-0656

    Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.... Read more

    • Published: Feb. 07, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0639

    Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a differe... Read more

    Affected Products : windows client
    • Published: Feb. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-5395

    Stack-based buffer overflow in the separate_word function in tokenize.c in Link Grammar 4.1b and possibly other versions, as used in AbiWord Link Grammar 4.2.4, allows remote attackers to execute arbitrary code via a long word, as reachable through the se... Read more

    Affected Products : link_grammar abiword_link_grammar
    • Published: Nov. 08, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2025-22504

    Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server.This issue affects 4ECPS Web Forms: from n/a through 0.2.18.... Read more

    Affected Products : 4ecps_web_forms
    • Published: Jan. 09, 2025
    • Modified: Jan. 09, 2025
    • Vuln Type: Misconfiguration

  • 10.0

    HIGH
    CVE-2007-0462

    The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted... Read more

    Affected Products : quicktime mac_os_x mac_os_x
    • Published: Jan. 26, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0568

    Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote attackers to gain the privileges of a user who has authenticated from behind the same proxy server as the attacker.... Read more

    Affected Products : secure_site_module
    • Published: Feb. 05, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0532

    Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument loca... Read more

    • Published: Mar. 14, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2011-2162

    Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 (aka CS4.0); and Mandriva Enterprise Server 5 (aka MES5) have unknown impact ... Read more

    • Published: May. 20, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2019-1804

    A vulnerability in the SSH key management for the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.... Read more

    • Published: May. 03, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2008-0500

    Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have unknown impact and attack vectors related to (1) mod_login and (2) mod_template_chooser.... Read more

    Affected Products : laithai
    • Published: Jan. 30, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 293258 Results