Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2024-3400

    A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute ... Read more

    Affected Products : pan-os prisma_access
    • Actively Exploited
    • Published: Apr. 12, 2024
    • Modified: Nov. 29, 2024

  • 10.0

    HIGH
    CVE-2021-21985

    The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit ... Read more

    Affected Products : vcenter_server cloud_foundation
    • Actively Exploited
    • EPSS Score: %94.37
    • Published: May. 26, 2021
    • Modified: Apr. 02, 2025

  • 10.0

    CRITICAL
    CVE-2018-4091

    An issue was discovered in certain Apple products. macOS before 10.13.3 is affected. The issue involves the "Sandbox" component. It allows bypass of a sandbox protection mechanism.... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %1.89
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2000-0109

    The mcsp Client Site Processor system (MultiCSP) in Standard and Poor's ComStock is installed with several accounts that have no passwords or easily guessable default passwords.... Read more

    Affected Products : multicsp
    • EPSS Score: %2.18
    • Published: Jan. 31, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2024-2389

    In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified.  An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary s... Read more

    Affected Products : flowmon_os flowmon
    • Published: Apr. 02, 2024
    • Modified: Feb. 07, 2025

  • 10.0

    CRITICAL
    CVE-2024-23108

    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 throu... Read more

    Affected Products : fortisiem
    • EPSS Score: %88.42
    • Published: Feb. 05, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-22476

    Improper input validation in some Intel(R) Neural Compressor software before version 2.5.0 may allow an unauthenticated user to potentially enable escalation of privilege via remote access.... Read more

    Affected Products :
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2006-4996

    Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies."... Read more

    Affected Products : joomlalib
    • EPSS Score: %0.02
    • Published: Sep. 26, 2006
    • Modified: Apr. 09, 2025

  • 10.0

    CRITICAL
    CVE-2024-1403

    In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified.  The vulnerability is a bypass to authentication based on ... Read more

    Affected Products : openedge
    • Published: Feb. 27, 2024
    • Modified: Feb. 11, 2025

  • 10.0

    HIGH
    CVE-2005-2655

    lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.... Read more

    Affected Products : maildrop
    • EPSS Score: %0.40
    • Published: Aug. 30, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    CRITICAL
    CVE-2018-4018

    An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An at... Read more

    • EPSS Score: %0.43
    • Published: May. 13, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-2530

    Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."... Read more

    Affected Products : java
    • EPSS Score: %0.81
    • Published: Dec. 31, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2511

    Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %0.40
    • Published: Aug. 19, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2425

    Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string.... Read more

    Affected Products : fileshare
    • EPSS Score: %3.78
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2149

    config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.... Read more

    Affected Products : cacti
    • EPSS Score: %1.29
    • Published: Jul. 06, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2420

    flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request.... Read more

    Affected Products : ftplocate
    • EPSS Score: %5.07
    • Published: Aug. 03, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-1983

    Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application,... Read more

    Affected Products : windows_2000 windows_xp
    • EPSS Score: %87.82
    • Published: Aug. 10, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2290

    wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables.... Read more

    Affected Products : web_portal_system
    • EPSS Score: %3.28
    • Published: Jul. 18, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-2259

    The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote atta... Read more

    • EPSS Score: %3.55
    • Published: Jul. 13, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-0059

    Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.... Read more

    • EPSS Score: %88.80
    • Published: May. 02, 2005
    • Modified: Apr. 03, 2025
Showing 20 of 292495 Results