Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2009-4176

    Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter to ovlogin.exe.... Read more

    Affected Products : openview_network_node_manager
    • Published: Dec. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2006-2869

    Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors.... Read more

    Affected Products : avast_antivirus
    • Published: Jun. 06, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2009-3953

    The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDec... Read more

    • Actively Exploited
    • Published: Jan. 13, 2010
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-3846

    Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter.... Read more

    Affected Products : openview_network_node_manager
    • Published: Dec. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-3732

    Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : player server workstation ace windows
    • Published: Apr. 12, 2010
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2009-3699

    Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to proce... Read more

    Affected Products : aix vios
    • Published: Oct. 15, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-3517

    nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.... Read more

    Affected Products : aix
    • Published: Oct. 01, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-3071

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unkno... Read more

    Affected Products : firefox
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-3070

    Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.14 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.... Read more

    Affected Products : firefox
    • Published: Sep. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2017-7108

    An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged con... Read more

    Affected Products : iphone_os tvos watchos
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2018-5782

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethos... Read more

    Affected Products : connect_onsite st14.2
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-5768

    A remote, unauthenticated attacker can gain remote code execution on the the Tenda AC15 router with a specially crafted password parameter for the COOKIE header.... Read more

    Affected Products : ac15_firmware ac15_firmware ac15
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-5780

    A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vnewmee... Read more

    Affected Products : connect_onsite st14.2
    • Published: Mar. 14, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-5770

    An issue was discovered on Tenda AC15 devices. A remote, unauthenticated attacker can make a request to /goform/telnet, creating a telnetd service on the device. This service is password protected; however, several default accounts exist on the device tha... Read more

    Affected Products : ac15_firmware ac15_firmware ac15
    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2009-2466

    The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_... Read more

    Affected Products : firefox thunderbird
    • Published: Jul. 22, 2009
    • Modified: Jun. 25, 2025

  • 10.0

    HIGH
    CVE-2009-2465

    Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2... Read more

    Affected Products : firefox thunderbird
    • Published: Jul. 22, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-2281

    Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HT... Read more

    Affected Products : mapserver mapserver
    • Published: Oct. 23, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2018-5724

    MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-5723

    MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.... Read more

    • Published: Jan. 16, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-2496

    Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.... Read more

    Affected Products : edirectory imonitor
    • Published: May. 20, 2006
    • Modified: Apr. 03, 2025
Showing 20 of 293510 Results