Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-5342

    In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().... Read more

    Affected Products : tcpdump
    • EPSS Score: %4.38
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-4907

    VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway.... Read more

    Affected Products : horizon_view unified_access_gateway
    • EPSS Score: %1.99
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8803

    The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vect... Read more

    Affected Products : ubuntu_linux leap opensuse nettle
    • EPSS Score: %12.34
    • Published: Feb. 23, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-8805

    The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vect... Read more

    Affected Products : ubuntu_linux leap opensuse nettle
    • EPSS Score: %1.20
    • Published: Feb. 23, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2024-36080

    Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network.... Read more

    Affected Products :
    • Published: May. 19, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-36031

    In the Linux kernel, the following vulnerability has been resolved: keys: Fix overwrite of key expiration on instantiation The expiry time of a key is unconditionally overwritten during instantiation, defaulting to turn it permanent. This causes a probl... Read more

    Affected Products : linux_kernel
    • Published: May. 30, 2024
    • Modified: Apr. 01, 2025

  • 9.8

    CRITICAL
    CVE-2015-8768

    click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmro... Read more

    Affected Products : ubuntu_linux click
    • EPSS Score: %1.59
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-36046

    Infoblox NIOS through 8.6.4 executes with more privileges than required.... Read more

    Affected Products : nios
    • Published: Feb. 27, 2025
    • Modified: Apr. 10, 2025
    • Vuln Type: Authorization

  • 9.8

    CRITICAL
    CVE-2015-8771

    The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password.... Read more

    Affected Products : gosa_plugin
    • EPSS Score: %1.20
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8710

    The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possibly have unspecified other impact via an unclosed HTML c... Read more

    Affected Products : debian_linux libxml2
    • EPSS Score: %4.71
    • Published: Apr. 11, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-8707

    Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer f... Read more

    Affected Products : magento
    • EPSS Score: %0.20
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-44808

    An issue in Vypor Attack API System v.1.0 allows a remote attacker to execute arbitrary code via the user GET parameter.... Read more

    Affected Products :
    • Published: Sep. 04, 2024
    • Modified: Sep. 05, 2024

  • 9.8

    CRITICAL
    CVE-2024-44756

    NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin.... Read more

    Affected Products :
    • Published: Nov. 18, 2024
    • Modified: Mar. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-44552

    Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formGetIptv.... Read more

    Affected Products : ax1806_firmware ax1806
    • Published: Aug. 26, 2024
    • Modified: Mar. 18, 2025

  • 9.8

    CRITICAL
    CVE-2024-44400

    A vulnerability was discovered in DI_8400-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection.... Read more

    Affected Products : di-8400_firmware di-8400
    • Published: Sep. 04, 2024
    • Modified: Oct. 11, 2024

  • 9.8

    CRITICAL
    CVE-2017-15718

    The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.... Read more

    Affected Products : hadoop
    • EPSS Score: %1.34
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-15041

    Go before 1.8.4 and 1.9.x before 1.9.1 allows "go get" remote command execution. Using custom domains, it is possible to arrange things so that example.com/pkg1 points to a Subversion repository but example.com/pkg1/pkg2 points to a Git repository. If the... Read more

    • EPSS Score: %6.02
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14637

    In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb function in in_xpm.cpp. However, this can also cause a write to an illegal address.... Read more

    Affected Products : sam2p
    • EPSS Score: %0.40
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14265

    A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.... Read more

    Affected Products : libraw
    • EPSS Score: %1.65
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-21564

    Dell OpenManage Enterprise versions prior to 3.6.1 contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to hijack an elevated session or perform unauthorized actions by sending malf... Read more

    Affected Products : openmanage_enterprise
    • EPSS Score: %0.80
    • Published: Aug. 09, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 292504 Results