Latest CVE Feed
-
10.0
HIGH CVE-2007-0976
Buffer overflow in the ActSoft DVD-Tools ActiveX control (dvdtools.ocx) allows remote attackers to execute arbitrary code via a long DVD_TOOLS.OpenDVD property value.
- Affected Products: actsoft_dvd_tools
- Published: Feb. 16, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-0956
The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote attackers to bypass authentication and gain system access via a username beginning with a '-' character, a similar issue to CVE-2007-0882.
- Published: Apr. 06, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-0886
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer ...
- Published: Feb. 12, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-0938
Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
- Affected Products: content_management_server
- Published: Apr. 10, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-0882
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log ...
- Published: Feb. 12, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-0915
Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.
- Affected Products: hp-ux
- Published: Feb. 14, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-0863
PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: h...
- Affected Products: trevorchan
- Published: Feb. 09, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-0746
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
- Published: Apr. 24, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2020-5722
The HTTP interface of the Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. An attacker can use this vulnerability to execute shell commands as root on versions before 1.0.19.20 or inject HTML in...
- Actively Exploited
- Published: Mar. 23, 2020
- Modified: Mar. 19, 2025
-
10.0
HIGH CVE-2007-0655
The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.
- Affected Products: escan
- Published: May. 02, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-0640
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
- Affected Products: zabbix
- Published: Jan. 31, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-0504
Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2...
- Affected Products: vote_pro
- Published: Jan. 26, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-0495
PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
- Affected Products: phpsherpa
- Published: Jan. 25, 2007
- Modified: Apr. 09, 2025
-
10.0
CRITICAL CVE-2020-28613
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker ca...
- Published: Apr. 18, 2022
- Modified: Nov. 21, 2024
-
10.0
CRITICAL CVE-2020-28602
Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker ca...
- Published: Apr. 18, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2007-0448
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath...
- Affected Products: php
- Published: May. 24, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-0466
Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption.
- Affected Products: flip4mac_windows_media_components_for_quicktime
- Published: Jan. 31, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2007-0386
Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug."
- Affected Products: postnuke
- Published: Jan. 19, 2007
- Modified: Apr. 09, 2025
-
10.0
HIGH CVE-2020-24916
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
- Published: Sep. 09, 2020
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2007-0254
Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.
- Affected Products: xine-ui
- Published: Jan. 16, 2007
- Modified: Apr. 09, 2025