Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-13031

    The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a buffer over-read in print-frag6.c:frag6_print().... Read more

    Affected Products : tcpdump
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-13004

    The Juniper protocols parser in tcpdump before 4.9.2 has a buffer over-read in print-juniper.c:juniper_parse_header().... Read more

    Affected Products : debian_linux tcpdump
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12999

    The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in print-isoclns.c:isis_print().... Read more

    Affected Products : tcpdump
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11720

    There is a division-by-zero vulnerability in LAME 3.99.5, caused by a malformed input file.... Read more

    Affected Products : lame
    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8389

    PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a ... Read more

    • Published: Dec. 02, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-8383

    PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegEx... Read more

    • Published: Dec. 02, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-8394

    PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaS... Read more

    • Published: Dec. 02, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-8386

    PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expressio... Read more

    • Published: Dec. 02, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-8298

    Multiple SQL injection vulnerabilities in the login page in RXTEC RXAdmin UPDATE 06 / 2012 allow remote attackers to execute arbitrary SQL commands via the (1) loginpassword, (2) loginusername, (3) zusatzlicher, or (4) groupid parameter to index.htm, or t... Read more

    Affected Products : rxadmin
    • Published: Sep. 24, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-8261

    The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.... Read more

    Affected Products : whatsup_gold whatsup_gold
    • Published: Jan. 08, 2016
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2015-8282

    SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.... Read more

    Affected Products : spectrum_sdc
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8271

    The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code.... Read more

    Affected Products : rtmpdump
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8212

    CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware program.... Read more

    Affected Products : netbsd
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-8670

    Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflo... Read more

    Affected Products : php libgd
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2016-8575

    The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.... Read more

    Affected Products : tcpdump
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7934

    The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().... Read more

    Affected Products : tcpdump
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-7922

    The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().... Read more

    Affected Products : tcpdump
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8103

    The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groo... Read more

    • Published: Nov. 25, 2015
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2021-0397

    In sdp_copy_raw_data of sdp_discovery.cc, there is a possible system compromise due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android... Read more

    Affected Products : android
    • Published: Mar. 10, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2015-7988

    The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors.... Read more

    • Published: Jun. 26, 2016
    • Modified: Apr. 12, 2025
Showing 20 of 293333 Results