Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2007-1372

    PHP remote file inclusion vulnerability in styles/internal/header.php in the PostGuestbook 0.6.1 module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the tpl_pgb_moddir parameter.... Read more

    Affected Products : postguestbook
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1393

    PHP remote file inclusion vulnerability in mysave.php in Magic CMS 4.2.747 allows remote attackers to execute arbitrary PHP code via a URL in the file parameter.... Read more

    Affected Products : magic_cms
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1319

    Unspecified vulnerability in the IOPCServer::RemoveGroup function in the OPCDA interface in Takebishi Electric DeviceXPlorer OLE for Process Control (OPC) Server before 3.12 Build3 allows remote attackers to execute arbitrary code via unspecified vectors ... Read more

    Affected Products : devicexplorer_opc_server
    • Published: Mar. 19, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1373

    Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.... Read more

    Affected Products : mercury_mail_transport_system
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1329

    Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are r... Read more

    Affected Products : ledgersmb sql-ledger
    • Published: Mar. 07, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1257

    The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.... Read more

    • Published: Mar. 03, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1225

    The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection.... Read more

    Affected Products : netproxy
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1173

    Multiple buffer overflows in the CentennialIPTransferServer service (XFERWAN.EXE), as used by (1) Centennial Discovery 2006 Feature Pack 1, (2) Numara Asset Manager 8.0, and (3) Symantec Discovery 6.5, allow remote attackers to execute arbitrary code via ... Read more

    Affected Products : discovery asset_manager discovery
    • Published: May. 16, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2020-26097

    The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affect... Read more

    • Published: Nov. 18, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-0889

    Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA or Radia Notify) 5.11, 7.2, 7.5, 7.8, and 7.9 allows remote attackers to execute arbitrary code via unknown vectors.... Read more

    Affected Products : client_automation_enterprise
    • Published: Mar. 16, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2007-1093

    Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.... Read more

    • Published: Feb. 26, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1097

    Unrestricted file upload vulnerability in the onAttachFiles function in the upload tool (inc/lib/attachment.lib.php) in Wiclear before 0.11.1 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to filename vali... Read more

    Affected Products : wiclear
    • Published: Feb. 26, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1070

    Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows wh... Read more

    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2023-49103

    An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PH... Read more

    Affected Products : graph_api
    • Actively Exploited
    • Published: Nov. 21, 2023
    • Modified: Dec. 20, 2024

  • 10.0

    HIGH
    CVE-2007-1112

    Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe methods in the (a) AXKLPROD60Lib.KAV60Info (AxKLProd60.dll) and (b) AXKLSYSINFOLib.SysInfo (AxKLSysInfo.dll) ActiveX controls, which allows remote attackers to "download" or delete arbitrar... Read more

    • Published: Apr. 06, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1073

    Static code injection vulnerability in install.php in mcRefer allows remote attackers to execute arbitrary PHP code via the bgcolor parameter, which is inserted into mcrconf.inc.php.... Read more

    Affected Products : mcrefer
    • Published: Feb. 22, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1062

    The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the ad... Read more

    • Published: Feb. 22, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1052

    PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a ... Read more

    Affected Products : pblang
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1053

    Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party,... Read more

    Affected Products : phpxmms
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2007-1045

    mAlbum 0.3 has default accounts (1) "login"/"pass" for its administrative account and (2) "dqsfg"/"sdfg", which allows remote attackers to gain privileges.... Read more

    Affected Products : malbum
    • Published: Feb. 21, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 293284 Results