Latest CVE Feed
- 10.0 HIGH CVE-2009-2465
  Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2...
  - Published: Jul. 22, 2009
  - Modified: Apr. 09, 2025
- 10.0 HIGH CVE-2009-2281
  Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HT...
  - Published: Oct. 23, 2009
  - Modified: Apr. 09, 2025
- 10.0 HIGH CVE-2018-5724
  MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.
  - Published: Jan. 16, 2018
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2018-5723
  MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.
  - Published: Jan. 16, 2018
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2006-2496
  Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.
  - Published: May. 20, 2006
  - Modified: Apr. 03, 2025
- 10.0 HIGH CVE-2018-5701
  In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys driver file contains an Arbitrary Write vulnerability due to not validating input values from IOCtl 0x00226003.
  - Affected Products: system_shield
  - Published: Jan. 31, 2018
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2009-1301
  Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding...
  - Affected Products: mpg123
  - Published: Apr. 16, 2009
  - Modified: Apr. 09, 2025
- 10.0 CRITICAL CVE-2018-5551
  Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contain three credentials with known passwords: QDMaster, OTMaster, and sa.
  - Affected Products: dtisqlinstaller
  - Published: Mar. 19, 2018
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2006-2429
  Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers".
  - Affected Products: websphere_application_server
  - Published: May. 17, 2006
  - Modified: Apr. 03, 2025
- 10.0 HIGH CVE-2006-2372
  Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
  - Affected Products: dhcp_client_service
  - Published: Jul. 11, 2006
  - Modified: Apr. 03, 2025
- 10.0 HIGH CVE-2006-2382
  Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding M...
  - Affected Products: internet_explorer
  - Published: Jun. 13, 2006
  - Modified: Apr. 03, 2025
- 10.0 HIGH CVE-2009-0352
  Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before 3.0.6, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary ...
  - Published: Feb. 04, 2009
  - Modified: Apr. 09, 2025
- 10.0 CRITICAL CVE-2018-5560
  A reliance on a static, hard-coded credential in the design of the cloud-based storage system of Practecol's Guardzilla All-In-One Video Security System allows an attacker to view the private data of all users of the Guardzilla device.
  - Published: Jan. 31, 2019
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2008-5244
  Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact and attack vectors related to libfaad. NOTE: due to the lack of details, it is not clear whether this is an issue in xine-lib or in libfaad.
  - Affected Products: xine-lib
  - Published: Nov. 26, 2008
  - Modified: Apr. 09, 2025
- 10.0 HIGH CVE-2018-5439
  A Command Injection issue was discovered in Nortek Linear eMerge E3 series Versions V0.32-07e and prior. A remote attacker may be able to execute arbitrary code on a target machine with elevated privileges.
  - Published: Feb. 19, 2018
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2008-4404
  The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic...
  - Affected Products: zseries
  - Published: Oct. 03, 2008
  - Modified: Apr. 09, 2025
- 10.0 HIGH CVE-2008-4038
  Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted...
  - Published: Oct. 15, 2008
  - Modified: Apr. 09, 2025
- 10.0 HIGH CVE-2018-5399
  The Auto-Maskin DCU 210E firmware contains an undocumented Dropbear SSH server, v2015.55, configured to listen on Port 22 while the DCU is running. The Dropbear server is configured with a hard-coded user name and password combination of root / amroot. Th...
  - Affected Products: dcu-210e_firmware, rp-210e_firmware, rp_210e_firmware, dcu_210e_firmware, dcu-210e, rp-210e
  - Published: Oct. 08, 2018
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2018-5409
  The PrinterLogic Print Management software, versions up to and including 18.3.1.96, updates and executes the code without sufficiently verifying the origin and integrity of the code. An attacker can execute malicious code by compromising the host server, ...
  - Affected Products: print_management
  - Published: May. 08, 2019
  - Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2008-3466
  Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to ...
  - Published: Oct. 15, 2008
  - Modified: Apr. 09, 2025