Skip to main content

CVE-2007-4466

CVSS Score Not Available
76.52%
HIGH RiskEPSS (99th percentile)
CWE-119CWE-94

Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters.

Published: 10/9/2007
Modified: 4/9/2025
Back to CVE Lookup

Vulnerability Summary

EPSS Score (Exploitation Probability)

76.52%HIGH Exploitation Risk
99th percentile

This vulnerability has a 76.52% probability of being exploited in the next 30 days, ranking higher than 99% of all scored CVEs.

CWE Classification

CWE-119CWE-94

Related Vulnerabilities

Same Weakness Type(CWE-119, CWE-94)

CVE-2026-8221LOW 2.4

A flaw has been found in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /inventory/item-save. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

5/10/2026
CVE-2026-7607HIGH 8.8

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument str leads to buffer overflow. The attack may be initiated remotely. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer.

5/2/2026
CVE-2026-2052HIGH 8.8

The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval() on user-supplied Display Logic expressions with an insufficient blocklist/allowlist that can be bypassed using array_map with string concatenation, combined with a lack of authorization enforcement on the extended_widget_opts_block attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. The vulnerability was partially patched in version 4.2.0.

5/2/2026
CVE-2026-7596MEDIUM 4.3

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet.

5/1/2026
CVE-2026-6218MEDIUM 4.3

A vulnerability was found in aandrew-me ytDownloader up to 3.20.2. Affected by this issue is the function createTextNode of the component Error Details Panel. The manipulation results in cross site scripting. The attack may be performed from remote. The vendor was contacted early about this disclosure.

4/13/2026

Learn More

CVSS Calculator

Calculate and understand CVSS scores

Understanding CVSS Scoring

Learn how severity scores are calculated and what they mean

CVE Prioritization Guide

Best practices for deciding which vulnerabilities to address first

What is a CVE?

Essential guide to Common Vulnerabilities and Exposures