Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-5225

    LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.... Read more

    Affected Products : libtiff
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5203

    The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().... Read more

    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-47538

    GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the `vorbis_handle_identification_packet` function within `gstvorbisdec.c`. The position array is a stack-allocated buffer of size 64... Read more

    Affected Products : gstreamer
    • Published: Dec. 12, 2024
    • Modified: Dec. 19, 2024

  • 9.8

    CRITICAL
    CVE-2017-5205

    The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().... Read more

    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5204

    The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().... Read more

    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5174

    An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11.0.12. An authentication bypass vulnerability has been identified. The existing file system architecture could allow attackers to bypass the access control th... Read more

    • Published: May. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5249

    In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android app, the OAuth token used by the app to authorize user access is not stored in an encrypted and secure manner.... Read more

    Affected Products : wink
    • Published: Feb. 22, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-5158

    An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specifie... Read more

    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-47484

    Dell Avamar, versions prior to 19.12 with patch 338905, excluding 19.10 and 19.10SP1 with patch 338869, contains an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote... Read more

    Affected Products : avamar_server avamar_data_store
    • Published: Dec. 10, 2024
    • Modified: Aug. 04, 2025

  • 9.8

    CRITICAL
    CVE-2017-5139

    An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Any user is able to disclose a password by accessing a specific URL, because of Plaintext Storage of a Password.... Read more

    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5159

    An issue was discovered on Phoenix Contact mGuard devices that have been updated to Version 8.4.0. When updating an mGuard device to Version 8.4.0 via the update-upload facility, the update will succeed, but it will reset the password of the admin user to... Read more

    Affected Products : mguard_firmware
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5140

    An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Password is stored in clear text.... Read more

    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-8165

    A deserialization of untrusted data vulnernerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.... Read more

    Affected Products : debian_linux leap rails
    • Published: Jun. 19, 2020
    • Modified: May. 09, 2025

  • 9.8

    CRITICAL
    CVE-2024-47533

    Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Nov. 19, 2024

  • 9.8

    CRITICAL
    CVE-2020-5955

    An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel client chipsets. A caller may be able to escalate privileges.... Read more

    • Published: Nov. 03, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-4989

    In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, 7.2.1-32, 7.2.1-31, 7.2.0-401, an unauthenticated remote attacker may potentially bypass the authentication process to gain access to the system maintenance page. This may be exploited by an a... Read more

    Affected Products : avamar_server
    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-4990

    In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, 7.3.0-233, 7.3.0-226, an unauthorized attacker may leverage the file upload feature of the system maintenance page to load a maliciously crafted file to any directory which could allow the atta... Read more

    Affected Products : avamar_server
    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-5609

    Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 al... Read more

    • Published: Aug. 05, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-47331

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NinjaTeam Multi Step for Contact Form allows SQL Injection.This issue affects Multi Step for Contact Form: from n/a through 2.7.7.... Read more

    Affected Products : multi_step_for_contact_form_7
    • Published: Oct. 11, 2024
    • Modified: Nov. 14, 2024

  • 9.8

    CRITICAL
    CVE-2017-4955

    An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions prior to 1.6.65, 1.7.x versions prior to 1.7.48, 1.8.x versions prior to 1.8.28, and 1.9.x versions prior to 1.9.5. Several credentials were present in the logs for the Notifications er... Read more

    Affected Products : cloud_foundry_elastic_runtime
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292810 Results