Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2018-10192

    IPVanish 3.0.11 for macOS suffers from a root privilege escalation vulnerability. The `com.ipvanish.osx.vpnhelper` LaunchDaemon implements an insecure XPC service that could allow an attacker to execute arbitrary code as the root user. IPVanish uses a thi... Read more

    Affected Products : ipvanish
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2003-1236

    Multiple format string vulnerabilities in the logger function in netzio.c for Tanne 0.6.17 allows remote attackers to execute arbitrary code via format string specifiers in syslog.... Read more

    Affected Products : tanne
    • Published: Dec. 31, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0353

    Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.... Read more

    Affected Products : pine
    • Published: Jun. 28, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-1043

    SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.... Read more

    Affected Products : bugzilla
    • Published: Aug. 18, 2004
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-10169

    ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation vulnerability through the "ProtonVPN Service" service. This service establishes an NetNamedPipe endpoint that allows arbitrary installed applications to connect and call publicly expos... Read more

    Affected Products : protonvpn
    • Published: Apr. 16, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-10171

    Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com.mackeeper.AdwareAnalyzer.AdwareAnalyzerPrivilegedHelper` component. The AdwareAnalzyerPrivilegedHelper tool implements an XPC service that allows an unprivil... Read more

    Affected Products : mackeeper
    • Published: Jun. 05, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2003-0786

    The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.... Read more

    Affected Products : openssh
    • Published: Nov. 17, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2018-10143

    The Palo Alto Networks Expedition Migration tool 1.0.107 and earlier may allow an unauthenticated attacker with remote access to run system level commands on the device hosting this service/application.... Read more

    Affected Products : expedition
    • Published: Dec. 12, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2003-0478

    Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, and other IRC daemons based on Bahamut including (2) digatech 1.2.1, (3) methane 0.1.1, (4) AndromedeIRCd 1.2.3-Release, and (5) ircd-RU, when running in debug mode, allows remote attacke... Read more

    Affected Products : adromedeircd methane digatech ircd-ru ircd
    • Published: Aug. 07, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0191

    Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.... Read more

    Affected Products : storpoint_cd
    • Published: Feb. 29, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2003-0224

    Buffer overflow in ssinc.dll for Microsoft Internet Information Services (IIS) 5.0 allows local users to execute arbitrary code via a web page with a Server Side Include (SSI) directive with a long filename, aka "Server Side Include Web Pages Buffer Overr... Read more

    Affected Products : internet_information_services iis
    • Published: Jun. 09, 2003
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0081

    Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.... Read more

    Affected Products : hotmail
    • Published: Jan. 10, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0065

    Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request.... Read more

    Affected Products : inetserv
    • Published: Jan. 17, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0026

    Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.... Read more

    Affected Products : unixware wmmon
    • Published: Dec. 21, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-1493

    Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through SR10.3 allows remote attackers to gain root privileges via insecure system calls, (1) pad_$dm_cmd and (2) pad_$def_pfk().... Read more

    Affected Products : apollo_domain_os
    • Published: Dec. 18, 1991
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0010

    WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.... Read more

    Affected Products : webwho\+
    • Published: Dec. 26, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0002

    Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.... Read more

    Affected Products : zbserver
    • Published: Dec. 22, 1999
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-1479

    The textcounter.pl by Matt Wright allows remote attackers to execute arbitrary commands via shell metacharacters.... Read more

    Affected Products : textcounter
    • Published: Jun. 24, 1998
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-1999-1467

    Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user.... Read more

    Affected Products : sunos
    • Published: Oct. 26, 1989
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-1359

    Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH prot... Read more

    • Published: Dec. 23, 2002
    • Modified: Apr. 03, 2025
Showing 20 of 292769 Results