Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, it appears on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2007-1097

    Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename vali...

    Affected Products : wiclear
    • EPSS Score: 0.78%
    • Published: Feb. 26, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1070

    Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows wh...

    • EPSS Score: 78.12%
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2023-49103

    An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PH...

    Affected Products : graph_api
    • Actively Exploited
    • EPSS Score: 94.34%
    • Published: Nov. 21, 2023
    • Modified: Dec. 20, 2024
  • 10.0

    HIGH
    CVE-2007-1112

    Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrar...

    • EPSS Score: 3.91%
    • Published: Apr. 06, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1073

    Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.

    Affected Products : mcrefer
    • EPSS Score: 0.98%
    • Published: Feb. 22, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1062

    The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the ad...

    • EPSS Score: 4.14%
    • Published: Feb. 22, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1052

    PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a ...

    Affected Products : pblang
    • EPSS Score: 0.97%
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1053

    Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party,...

    Affected Products : phpxmms
    • EPSS Score: 0.99%
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1045

    mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.

    Affected Products : malbum
    • EPSS Score: 1.35%
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1024

    PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter.

    Affected Products : meganoides_news
    • EPSS Score: 2.49%
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1021

    SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter.

    Affected Products : codeavalanche_news
    • EPSS Score: 0.55%
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1014

    Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command.

    Affected Products : vicftps
    • EPSS Score: 21.54%
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1013

    PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter.

    Affected Products : htaccess_passwort_generator
    • EPSS Score: 5.70%
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1015

    SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter.

    Affected Products : aktueldownload_haber_script
    • EPSS Score: 0.26%
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2021-22205

    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

    Affected Products : gitlab
    • Actively Exploited
    • EPSS Score: 94.47%
    • Published: Apr. 23, 2021
    • Modified: Mar. 13, 2025
  • 10.0

    HIGH
    CVE-2007-0976

    Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value.

    Affected Products : actsoft_dvd_tools
    • EPSS Score: 20.74%
    • Published: Feb. 16, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0956

    The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.

    Affected Products : ubuntu_linux debian_linux kerberos_5
    • EPSS Score: 35.94%
    • Published: Apr. 06, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0886

    Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer ...

    • EPSS Score: 26.07%
    • Published: Feb. 12, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0938

    Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."

    Affected Products : content_management_server
    • EPSS Score: 38.20%
    • Published: Apr. 10, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0882

    Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log ...

    Affected Products : solaris sunos solaris
    • EPSS Score: 91.35%
    • Published: Feb. 12, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 292488 Results