Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 10.0

    HIGH
    CVE-2006-6470

    The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 returns no error for a non-writable object, which has unknown impact and attack vectors. NOTE: due to the vagueness of th...

    Affected Products : workcentre
    • EPSS Score: 0.40%
    • Published: Dec. 11, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    CRITICAL
    CVE-2024-52034

    An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands.

    Affected Products : mypro
    • Published: Nov. 22, 2024
    • Modified: Nov. 22, 2024
  • 10.0

    HIGH
    CVE-2006-6515

    Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.

    Affected Products : mantis
    • EPSS Score: 0.38%
    • Published: Dec. 14, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-6567

    PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

    Affected Products : kb_mods
    • EPSS Score: 2.32%
    • Published: Dec. 15, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-6584

    Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors.

    Affected Products : italkplus
    • EPSS Score: 3.17%
    • Published: Dec. 15, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-6627

    Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA ...

    • EPSS Score: 9.86%
    • Published: Dec. 18, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-6902

    Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

    • EPSS Score: 30.58%
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-6908

    Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows,...

    • EPSS Score: 35.62%
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-6853

    Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.

    Affected Products : durian_web_application_server
    • EPSS Score: 18.52%
    • Published: Dec. 31, 2006
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0057

    Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared secret and allows remote attackers to gain u...

    • EPSS Score: 3.12%
    • Published: Jan. 04, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0417

    BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and 9.1, when using the WebLogic Server 6.1 compatibility realm, allows attackers to execute certain EJB container persistence operations with an administrative identity.

    Affected Products : weblogic_server
    • EPSS Score: 0.78%
    • Published: Jan. 23, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0841

    Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.

    Affected Products : vbdrupal
    • EPSS Score: 0.38%
    • Published: Feb. 08, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0903

    Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.

    Affected Products : ejabberd
    • EPSS Score: 0.71%
    • Published: Feb. 13, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-0954

    MOHA Chat 0.1b7 and earlier does not require authentication for use of the plug in API, which has unknown impact and attack vectors.

    Affected Products : moha_chat
    • EPSS Score: 0.36%
    • Published: Feb. 15, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-7036

    PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing th...

    Affected Products : andys_chat
    • EPSS Score: 3.42%
    • Published: Feb. 23, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-7095

    Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len valu...

    Affected Products : dim3
    • EPSS Score: 2.54%
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1134

    Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts."

    Affected Products : watchtower
    • EPSS Score: 0.36%
    • Published: Mar. 02, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-7134

    Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are...

    Affected Products : upload_tool_for_php
    • EPSS Score: 2.84%
    • Published: Mar. 06, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2006-7156

    PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.

    Affected Products : keyword_replacer
    • EPSS Score: 6.42%
    • Published: Mar. 07, 2007
    • Modified: Apr. 09, 2025
  • 10.0

    HIGH
    CVE-2007-1640

    Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the BASE parameter to (1) language.php and (2) phpadmin/survey.php.

    Affected Products : classweb
    • EPSS Score: 5.70%
    • Published: Mar. 23, 2007
    • Modified: Apr. 09, 2025
Showing 20 of 292516 Results