Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2007-0863

    PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: h...

    Affected Products : trevorchan
    • EPSS Score: %4.34
    • Published: Feb. 09, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0746

    Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference"....

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %35.05
    • Published: Apr. 24, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-5722

    The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in...

    Affected Products : ucm6200_firmware ucm6200
    • Actively Exploited
    • EPSS Score: %90.91
    • Published: Mar. 23, 2020
    • Modified: Mar. 19, 2025
  • 10.0

    HIGH
    CVE-2007-0655

    The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222....

    Affected Products : escan
    • EPSS Score: %1.16
    • Published: May. 02, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0640

    Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."...

    Affected Products : zabbix
    • EPSS Score: %0.89
    • Published: Jan. 31, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0504

    Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2...

    Affected Products : vote_pro
    • EPSS Score: %5.79
    • Published: Jan. 26, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0495

    PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter....

    Affected Products : phpsherpa
    • EPSS Score: %1.80
    • Published: Jan. 25, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2020-28613

    Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker ca...

    • EPSS Score: %0.30
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    CRITICAL
    CVE-2020-28602

    Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker ca...

    • EPSS Score: %0.38
    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-0448

    The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath...

    Affected Products : php
    • EPSS Score: %2.21
    • Published: May. 24, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0466

    Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption....

    • EPSS Score: %21.57
    • Published: Jan. 31, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0386

    Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."...

    Affected Products : postnuke
    • EPSS Score: %0.33
    • Published: Jan. 19, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2020-24916

    CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection....

    Affected Products : ubuntu_linux debian_linux yaws
    • EPSS Score: %39.15
    • Published: Sep. 09, 2020
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2007-0254

    Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors....

    Affected Products : xine-ui
    • EPSS Score: %2.20
    • Published: Jan. 16, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0236

    Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that trigge...

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %49.50
    • Published: Jan. 16, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0203

    Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors....

    Affected Products : phpmyadmin
    • EPSS Score: %0.74
    • Published: Jan. 11, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0201

    Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest)....

    Affected Products : internet_firewall_toolkit
    • EPSS Score: %6.24
    • Published: Jan. 11, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0261

    snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uplo...

    Affected Products : snews snews
    • EPSS Score: %7.02
    • Published: Jan. 16, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0213

    Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message....

    Affected Products : exchange_server
    • EPSS Score: %83.33
    • Published: May. 08, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-5939

    The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was o...

    Affected Products : heimdal
    • EPSS Score: %1.66
    • Published: Dec. 06, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 292318 Results