Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2009-2465

    Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2...

    Affected Products : firefox thunderbird
    • EPSS Score: %6.14
    • Published: Jul. 22, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-2464

    The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrar...

    Affected Products : firefox thunderbird seamonkey
    • EPSS Score: %19.94
    • Published: Jul. 22, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-2281

    Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HT...

    Affected Products : mapserver mapserver
    • EPSS Score: %11.50
    • Published: Oct. 23, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-1916

    dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter....

    Affected Products : dns_tools
    • EPSS Score: %4.68
    • Published: Jun. 04, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-1301

    Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding...

    Affected Products : mpg123
    • EPSS Score: %8.80
    • Published: Apr. 16, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-1266

    Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors....

    Affected Products : wireshark
    • EPSS Score: %0.47
    • Published: Apr. 21, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-1174

    The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors....

    Affected Products : websphere_application_server
    • EPSS Score: %1.15
    • Published: Mar. 31, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-0414

    Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption....

    Affected Products : tor tor
    • EPSS Score: %1.47
    • Published: Feb. 03, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2009-0352

    Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary ...

    Affected Products : firefox thunderbird seamonkey
    • EPSS Score: %8.53
    • Published: Feb. 04, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-5244

    Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad....

    Affected Products : xine-lib
    • EPSS Score: %0.44
    • Published: Nov. 26, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2024-49611

    Unrestricted Upload of File with Dangerous Type vulnerability in Paxman Product Website Showcase allows Upload a Web Shell to a Web Server. This issue affects Product Website Showcase: from n/a through 1.0....

    Affected Products : product_website_showcase
    • Published: Oct. 20, 2024
    • Modified: Oct. 23, 2024
  • 10.0

    HIGH
    CVE-2008-4559

    HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially cove...

    Affected Products : openview_network_node_manager
    • EPSS Score: %3.97
    • Published: Feb. 08, 2009
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-4404

    The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic...

    Affected Products : zseries
    • EPSS Score: %1.53
    • Published: Oct. 03, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-4221

    The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted date string, related to improper memory allocat...

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.89
    • Published: Dec. 17, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-4038

    Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted...

    • EPSS Score: %70.22
    • Published: Oct. 15, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-3694

    Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMw...

    Affected Products : player server workstation ace
    • EPSS Score: %1.24
    • Published: Sep. 03, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2014-9371

    The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object....

    Affected Products : manageengine_desktop_central
    • EPSS Score: %10.22
    • Published: Dec. 16, 2014
    • Modified: Apr. 12, 2025
  • 10.0

    HIGH
    CVE-2008-3479

    Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of param...

    Affected Products : office windows_2000
    • EPSS Score: %65.92
    • Published: Oct. 15, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-3466

    Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to ...

    • EPSS Score: %84.72
    • Published: Oct. 15, 2008
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2008-2928

    Multiple buffer overflows in the adminutil library in CGI applications in Red Hat Directory Server 7.1 before SP7 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted Accept-Language HTTP head...

    Affected Products : directory_server
    • EPSS Score: %23.55
    • Published: Aug. 29, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 291891 Results