Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2009-0043

    The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.... Read more

    • EPSS Score: %29.18
    • Published: Jan. 08, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-0042

    Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA... Read more

    • EPSS Score: %1.24
    • Published: Jan. 28, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2009-0012

    Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string.... Read more

    Affected Products : mac_os_x mac_os_x_server
    • EPSS Score: %9.33
    • Published: Feb. 13, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-7219

    Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.... Read more

    • EPSS Score: %1.06
    • Published: Sep. 13, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-6833

    Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action, as demonstrated by the files[0] paramete... Read more

    Affected Products : fuzzylime_\(cms\)
    • EPSS Score: %2.48
    • Published: Jun. 22, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-6820

    The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856.... Read more

    Affected Products : db2 windows
    • EPSS Score: %0.78
    • Published: Jun. 03, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-6816

    Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php.... Read more

    Affected Products : network_shutdown_module
    • EPSS Score: %11.74
    • Published: May. 28, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-6767

    wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.... Read more

    Affected Products : wordpress
    • EPSS Score: %0.74
    • Published: Apr. 28, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-6536

    Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).... Read more

    Affected Products : 7-zip
    • EPSS Score: %2.26
    • Published: Mar. 30, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-6415

    Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname.... Read more

    Affected Products : ccproxy
    • EPSS Score: %5.38
    • Published: Mar. 06, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-6071

    Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOT... Read more

    Affected Products : graphicsmagick
    • EPSS Score: %6.08
    • Published: Feb. 10, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-5911

    Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NT... Read more

    Affected Products : helix_server helix_server_mobile
    • EPSS Score: %16.43
    • Published: Jan. 20, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-5457

    Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins for Apache, Sun and IIS web servers component in BEA Product Suite 10.3, 10.0 MP1, 9.2 MP3, 9.1, 9.0, 8.1 SP6, and 7.0 SP7 allows remote attackers to affect confidentiality, integrity, an... Read more

    Affected Products : bea_product_suite
    • EPSS Score: %83.27
    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-5448

    Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2008-5444 and CVE-2008-... Read more

    Affected Products : secure_backup
    • EPSS Score: %84.01
    • Published: Jan. 14, 2009
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-5415

    The LDBserver service in the server in CA ARCserve Backup 11.1 through 12.0 on Windows allows remote attackers to execute arbitrary code via a handle_t argument to an RPC endpoint in which the argument refers to an incompatible procedure.... Read more

    • EPSS Score: %15.63
    • Published: Dec. 11, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-5412

    Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows has unknown impact and attack vectors related to JSPs. NOTE: this is probably a duplicate of CVE-2009-0438.... Read more

    • EPSS Score: %1.35
    • Published: Dec. 10, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-5403

    Heap-based buffer overflow in the XML parser in the AIM plugin in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a malformed XML tag.... Read more

    • EPSS Score: %25.56
    • Published: Dec. 10, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-5401

    Stack-based buffer overflow in the image tooltip implementation in Trillian before 3.1.12.0 allows remote attackers to execute arbitrary code via a long image filename, related to "AIM IMG Tag Parsing."... Read more

    • EPSS Score: %26.69
    • Published: Dec. 10, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-5305

    Eval injection vulnerability in TWiki before 4.2.4 allows remote attackers to execute arbitrary Perl code via the %SEARCH{}% variable.... Read more

    Affected Products : twiki
    • EPSS Score: %2.94
    • Published: Dec. 10, 2008
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2008-5282

    Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.... Read more

    Affected Products : amaya_web_browser
    • EPSS Score: %46.08
    • Published: Nov. 29, 2008
    • Modified: Apr. 09, 2025
Showing 20 of 291780 Results