Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2024-41794

    A vulnerability has been identified in SENTRON 7KT PAC1260 Data Manager (All versions). Affected devices contain hardcoded credentials for remote access to the device operating system with root privileges. This could allow unauthenticated remote attackers... Read more

    Affected Products :
    • Published: Apr. 08, 2025
    • Modified: Apr. 08, 2025
    • Vuln Type: Authentication

  • 10.0

    CRITICAL
    CVE-2023-42802

    GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration an... Read more

    Affected Products : glpi
    • Published: Nov. 02, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2023-42770

    Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no aut... Read more

    • Published: Nov. 21, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2025-32432

    Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Starting from version 3.0.0-RC1 to before 3.9.15, 4.0.0-RC1 to before 4.14.15, and 5.0.0-RC1 to before 5.6.17, Craft is vulnerable to remote code executi... Read more

    Affected Products : craft_cms
    • Published: Apr. 25, 2025
    • Modified: Apr. 28, 2025
    • Vuln Type: Denial of Service

  • 10.0

    CRITICAL
    CVE-2023-6269

    An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 a... Read more

    • Published: Dec. 05, 2023
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2019-7964

    Adobe Experience Manager versions 6.5, and 6.4 have an authentication bypass vulnerability. Successful exploitation could lead to remote code execution.... Read more

    • Published: Aug. 16, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2005-3277

    The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the conn... Read more

    Affected Products : hp-ux
    • Published: Oct. 21, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2005-4325

    Multiple unspecified vulnerabilities in Driverse before 0.56b have unknown impact and attack vectors, related to (1) a "ptrace exploit" and (2) "some other potential security problems."... Read more

    Affected Products : driverse
    • Published: Dec. 17, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0425

    Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.... Read more

    Affected Products : listserv
    • Published: May. 03, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-2206

    The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords.... Read more

    Affected Products : ultravnc
    • Published: May. 05, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0812

    The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ ta... Read more

    Affected Products : java_system_web_server
    • Published: Nov. 14, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0028

    Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters.... Read more

    Affected Products : oops_proxy_server
    • Published: Feb. 12, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-0171

    Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long GET request.... Read more

    Affected Products : slimserve
    • Published: May. 03, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-1363

    Vulnerability in phpWebSite before 0.7.9 related to running multiple instances in the same domain, which may allow attackers to gain administrative privileges.... Read more

    Affected Products : phpwebsite
    • Published: Jul. 19, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2001-1514

    ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess fu... Read more

    Affected Products : coldfusion
    • Published: Dec. 31, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-3723

    Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle PeopleSoft Enterprise Portal 8.8 with Enforcer Portal Pack Bundle #10 and 8.9 Bundle #3 has unknown impact and attack vectors, aka Oracle Vuln# PSE02.... Read more

    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-3716

    Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka Oracle Vuln# (1) APPS01 for Internet Expenses; (2) APPS02, (3) APPS05, (4) APPS06, (5) APPS07, (6) APPS08, (7) APPS09, ... Read more

    Affected Products : e-business_suite
    • Published: Jul. 21, 2006
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0272

    Buffer overflows in mpg321 before 0.2.9 allows local and possibly remote attackers to execute arbitrary code via a long URL to (1) a command line option, (2) an HTTP request, or (3) an FTP request.... Read more

    Affected Products : linux mpg321
    • Published: May. 31, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0416

    Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port.... Read more

    Affected Products : mailserver
    • Published: Aug. 12, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2006-5151

    Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors.... Read more

    Affected Products : hp-ux
    • Published: Oct. 05, 2006
    • Modified: Apr. 09, 2025
Showing 20 of 293350 Results