Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2013-3356

    Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-3353.... Read more

    Affected Products : mac_os_x acrobat acrobat_reader windows
    • EPSS Score: %43.98
    • Published: Sep. 12, 2013
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2021-22986

    On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3 amd BIG-IQ 7.1.0.x before 7.1.0.3 and 7.0.0.x before 7.0.0.2, the iControl REST interface has an unauthenticated re... Read more

    • Actively Exploited
    • EPSS Score: %94.48
    • Published: Mar. 31, 2021
    • Modified: Apr. 02, 2025

  • 10.0

    CRITICAL
    CVE-2024-3400

    A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute ... Read more

    Affected Products : pan-os prisma_access
    • Actively Exploited
    • Published: Apr. 12, 2024
    • Modified: Nov. 29, 2024

  • 10.0

    HIGH
    CVE-2021-21985

    The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit ... Read more

    Affected Products : vcenter_server cloud_foundation
    • Actively Exploited
    • EPSS Score: %94.37
    • Published: May. 26, 2021
    • Modified: Apr. 02, 2025

  • 10.0

    HIGH
    CVE-2006-1255

    Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, ... Read more

    Affected Products : mercur_messaging
    • EPSS Score: %86.93
    • Published: Mar. 19, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0109

    The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords.... Read more

    Affected Products : multicsp
    • EPSS Score: %2.18
    • Published: Jan. 31, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2024-2389

    In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary s... Read more

    Affected Products : flowmon_os flowmon
    • Published: Apr. 02, 2024
    • Modified: Feb. 07, 2025

  • 10.0

    HIGH
    CVE-2001-0284

    Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.... Read more

    Affected Products : openbsd
    • EPSS Score: %1.37
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2024-23109

    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 throu... Read more

    Affected Products : fortisiem
    • EPSS Score: %4.72
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-23108

    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 throu... Read more

    Affected Products : fortisiem
    • EPSS Score: %88.42
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-22476

    Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.... Read more

    Affected Products :
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2021-1834

    An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to execute arbitrary code with ker... Read more

    Affected Products : macos mac_os_x
    • EPSS Score: %1.06
    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-5348

    Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS05.... Read more

    • EPSS Score: %0.96
    • Published: Oct. 18, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2024-1403

    In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.  The vulnerability is a bypass to authentication based on ... Read more

    Affected Products : openedge
    • Published: Feb. 27, 2024
    • Modified: Feb. 11, 2025

  • 10.0

    HIGH
    CVE-2005-3656

    Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the usernam... Read more

    Affected Products : mod_auth_pgsql
    • EPSS Score: %49.58
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-3296

    The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote attackers to list arbitrary directories as root by running the LIST command before logging in.... Read more

    Affected Products : hp-ux
    • EPSS Score: %19.98
    • Published: Oct. 23, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2023-49103

    An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party GetPhpInfo.php library that provides a URL. When this URL is accessed, it reveals the configuration details of the PH... Read more

    Affected Products : graph_api
    • Actively Exploited
    • EPSS Score: %94.34
    • Published: Nov. 21, 2023
    • Modified: Dec. 20, 2024

  • 10.0

    HIGH
    CVE-2007-1365

    Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows remote attackers to execute arbitrary code via fragmented IPv6 packets due to "incorrect mbuf handling for ICMP6 packets." NOTE: this was originally reported as a denial of service.... Read more

    Affected Products : openbsd openbsd
    • EPSS Score: %38.72
    • Published: Mar. 10, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2001-1011

    index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.... Read more

    Affected Products : mambo_site_server
    • EPSS Score: %1.70
    • Published: Jul. 25, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2700

    ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended a... Read more

    Affected Products : ubuntu_linux debian_linux http_server
    • EPSS Score: %6.22
    • Published: Sep. 06, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 291589 Results