Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2005-3465

    Unspecified vulnerability in JDEdwards HTML Server in Oracle EnterpriseOne 8.94 OneWorld XE up to 8.95_B1, 8.94_Q1, and SP23_K1 has unknown impact and attack vectors, as identified by Oracle Vuln# JDE01.... Read more

    Affected Products : oneworld_xe enterpriseone
    • Published: Nov. 02, 2005
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2002-0537

    The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS.... Read more

    Affected Products : sws
    • Published: Jul. 03, 2002
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2020-3691

    Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile... Read more

    Affected Products : apq8009 apq8009w apq8017 apq8030 apq8037 apq8052 apq8053 apq8056 apq8060a apq8062 +496 more products
    • Published: Jan. 21, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2015-7426

    The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spec... Read more

    • Published: Jan. 02, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2013-1592

    A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04... Read more

    Affected Products : netweaver
    • Published: Jan. 23, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2014-0605

    Directory traversal vulnerability in the rftpcom.dll ActiveX control in Attachmate Reflection FTP Client before 14.1.429 allows remote attackers to execute arbitrary code via unspecified vectors to the SaveSettings method.... Read more

    Affected Products : reflection_ftp_client
    • Published: Feb. 06, 2015
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-18137

    In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile MDM9640, MDM9645, MDM9650, MDM9655, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 835, while processing the IPv6 pdp address of the pdp context, a buffer overflow can occur.... Read more

    • Published: Apr. 11, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2007-1867

    Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file.... Read more

    Affected Products : irfanview
    • Published: Apr. 04, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2017-18160

    AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850... Read more

    • Published: Jan. 18, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2011-0918

    Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID headers in attachments in malformed calendar-request e-mail ... Read more

    Affected Products : lotus_domino
    • Published: Feb. 08, 2011
    • Modified: Apr. 11, 2025

  • 10.0

    HIGH
    CVE-2021-1916

    Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon ... Read more

    • Published: Sep. 08, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-5219

    An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component Manager functionality, provided by SageCRM, permits additional components to be added to the application to enhance provided functionality. This functionality allows a zip file to be upl... Read more

    Affected Products : sagecrm
    • Published: Feb. 02, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2007-2187

    Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926.... Read more

    Affected Products : extremail
    • Published: Apr. 24, 2007
    • Modified: Apr. 09, 2025

  • 10.0

    HIGH
    CVE-2018-16591

    FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the Admin, Log and Service accounts, as well as the password for the protected "SMS" panel via /cgi-bin/sm_changepassword.cgi and /cgi-bin/sm_sms_changepasswd.cgi.... Read more

    • Published: Sep. 10, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-15916

    goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices allows remote attackers to execute arbitrary system commands via shell metacharacters in the lanIp POST parameter.... Read more

    Affected Products : ac15_firmware ac15
    • Published: Jul. 23, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2013-1599

    A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, D... Read more

    • Published: Jan. 28, 2020
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2001-0534

    Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands.... Read more

    Affected Products : radius radius
    • Published: Jul. 21, 2001
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0788

    The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.... Read more

    Affected Products : word access
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0684

    BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.... Read more

    Affected Products : weblogic_server
    • Published: Oct. 20, 2000
    • Modified: Apr. 03, 2025

  • 10.0

    HIGH
    CVE-2000-0133

    Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to execute commands via the STOR, RNTO, MKD, XMKD, RMD, XRMD, APPE, SIZE, and RNFR commands.... Read more

    Affected Products : tiny_ftpdaemon
    • Published: Feb. 01, 2000
    • Modified: Apr. 03, 2025
Showing 20 of 292795 Results