Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-7974

    The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.... Read more

    Affected Products : tcpdump
    • EPSS Score: %0.93
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9137

    Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that ... Read more

    Affected Products : php
    • EPSS Score: %0.89
    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000480

    Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.... Read more

    Affected Products : smarty
    • EPSS Score: %0.86
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1000501

    Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.... Read more

    Affected Products : debian_linux awstats
    • EPSS Score: %5.92
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2014-9513

    Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows remote attackers to execute arbitrary code.... Read more

    Affected Products : xbindkeys-config
    • EPSS Score: %6.55
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11636

    GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() function in coders/rgb.c when processing multiple frames that have non-identical widths.... Read more

    Affected Products : graphicsmagick
    • EPSS Score: %0.47
    • Published: Jul. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-10965

    An issue was discovered in Irssi before 1.0.4. When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer.... Read more

    Affected Products : irssi
    • EPSS Score: %1.45
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8009

    The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered ... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.45
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12424

    In shadow before 4.5, the newusers tool could be made to manipulate internal data structures in ways unintended by the authors. Malformed input may lead to crashes (with a buffer overflow or other memory corruption) or other unspecified behaviors. This cr... Read more

    Affected Products : debian_linux shadow
    • EPSS Score: %0.59
    • Published: Aug. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12627

    In Apache Xerces-C XML Parser library before 3.2.1, processing of external DTD paths can result in a null pointer dereference under certain conditions.... Read more

    Affected Products : xerces-c\+\+
    • EPSS Score: %5.20
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12791

    Directory traversal vulnerability in minion id validation in SaltStack Salt before 2016.11.7 and 2017.7.x before 2017.7.1 allows remote minions with incorrect credentials to authenticate to a master via a crafted minion ID.... Read more

    Affected Products : salt
    • EPSS Score: %1.38
    • Published: Aug. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12988

    The telnet parser in tcpdump before 4.9.2 has a buffer over-read in print-telnet.c:telnet_parse().... Read more

    Affected Products : tcpdump
    • EPSS Score: %1.12
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-13005

    The NFS parser in tcpdump before 4.9.2 has a buffer over-read in print-nfs.c:xid_map_enter().... Read more

    Affected Products : tcpdump
    • EPSS Score: %1.12
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-13020

    The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print().... Read more

    Affected Products : debian_linux tcpdump
    • EPSS Score: %2.06
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-13014

    The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions.... Read more

    Affected Products : tcpdump
    • EPSS Score: %1.12
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-13067

    QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNA... Read more

    Affected Products : qts
    • EPSS Score: %51.07
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14064

    Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a po... Read more

    • EPSS Score: %1.79
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14626

    ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c.... Read more

    Affected Products : ubuntu_linux imagemagick
    • EPSS Score: %1.12
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-1265

    A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information ... Read more

    Affected Products : junos junos_space
    • EPSS Score: %1.00
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14628

    In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp.... Read more

    Affected Products : sam2p
    • EPSS Score: %0.43
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291830 Results