Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2007-0510

    Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. NOTE: There may not be any attack vec... Read more

    Affected Products : awffull
    • Published: Jan. 26, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0342

    Unspecified vulnerability in the Upgrade/Downgrade component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB05.... Read more

    Affected Products : database_server
    • Published: Jan. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0347

    Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Or... Read more

    • Published: Jan. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0251

    Unrestricted file upload vulnerability in PhotoPost vBGallery before 2.4.2 allows remote attackers to upload and execute arbitrary files via unknown vectors.... Read more

    Affected Products : photopost_vbgallery
    • Published: Jan. 12, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0244

    SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to execute arbitrary commands via "&&" and other shell metacharacters in exec_sdbinfo and other unspecified commands, which are executed when MaxDB invokes cons.exe.... Read more

    Affected Products : maxdb
    • Published: Jan. 12, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0246

    admin.php in UploadScript 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.... Read more

    Affected Products : uploadimage uploadscript
    • Published: Jan. 12, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0235

    The Microsoft VFP_OLE_Server ActiveX control allows remote attackers to execute arbitrary code by invoking the foxcommand method.... Read more

    Affected Products : vfp_ole_server_activex_control
    • Published: Jan. 11, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0215

    Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors.... Read more

    • Published: Feb. 12, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0176

    Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : cimplicity
    • Published: Jan. 29, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0148

    TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.... Read more

    Affected Products : tutos
    • Published: Jan. 09, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0082

    An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or vide... Read more

    Affected Products : windows_messenger
    • Published: Aug. 13, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0014

    Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-200... Read more

    Affected Products : serverprotect serverprotect
    • Published: Nov. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0013

    Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-200... Read more

    Affected Products : serverprotect serverprotect
    • Published: Nov. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0027

    Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote at... Read more

    • Published: Jan. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-0012

    Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-200... Read more

    Affected Products : serverprotect serverprotect
    • Published: Nov. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-6711

    Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors.... Read more

    Affected Products : freewebshop
    • Published: Mar. 24, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-6686

    The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller.... Read more

    Affected Products : gallery
    • Published: Jan. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-6685

    Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.... Read more

    Affected Products : gallery_publish_xp_module
    • Published: Jan. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-6690

    The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.... Read more

    Affected Products : gallery
    • Published: Jan. 17, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-6721

    The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed ... Read more

    • Published: Mar. 30, 2009
    • Modified: May. 12, 2025
Showing 20 of 293261 Results