Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2017-13020

The VTP parser in tcpdump before 4.9.2 has a buffer over-read in print-vtp.c:vtp_print()....

Affected Products : debian_linux tcpdump
EPSS Score: %2.06

Published: Sep. 14, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-13014

The White Board protocol parser in tcpdump before 4.9.2 has a buffer over-read in print-wb.c:wb_prep(), several functions....

Affected Products : tcpdump
EPSS Score: %1.12

Published: Sep. 14, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-13067

QNAP has patched a remote code execution vulnerability affecting the QTS Media Library in all versions prior to QTS 4.2.6 build 20170905 and QTS 4.3.3.0299 build 20170901. This particular vulnerability allows a remote attacker to execute commands on a QNA...

Affected Products : qts
EPSS Score: %51.07

Published: Sep. 14, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-14064

Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a po...

Affected Products : ruby ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus
EPSS Score: %1.79

Published: Aug. 31, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-14626

ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function sixel_decode in coders/sixel.c....

Affected Products : ubuntu_linux imagemagick
EPSS Score: %1.12

Published: Sep. 21, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2016-1265

A remote unauthenticated network based attacker with access to Junos Space may execute arbitrary code on Junos Space or gain access to devices managed by Junos Space using cross site request forgery (CSRF), default authentication credentials, information ...

Affected Products : junos junos_space
EPSS Score: %1.00

Published: Oct. 13, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-14628

In sam2p 0.49.3, a heap-based buffer overflow exists in the pcxLoadImage24 function of the file in_pcx.cpp....

Affected Products : sam2p
EPSS Score: %0.43

Published: Sep. 21, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-14952

Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue....

Affected Products : international_components_for_unicode
EPSS Score: %2.34

Published: Oct. 16, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-15101

A missing patch for a stack-based buffer overflow in findTable() was found in Red Hat version of liblouis before 2.5.4. An attacker could cause a denial of service condition or potentially even arbitrary code execution....

Affected Products : enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus liblouis
EPSS Score: %0.32

Published: Jul. 27, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code....

Affected Products : enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus soa_suite weblogic_server communications_webrtc_session_controller +69 more products
EPSS Score: %94.01

Published: Apr. 17, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-7128

An issue was discovered in certain Apple products. iOS before 11 is affected. macOS before 10.13 is affected. tvOS before 11 is affected. watchOS before 4 is affected. The issue involves the third-party "SQLite" product. Versions before 3.19.3 allow remot...

Affected Products : mac_os_x iphone_os tvos watchos
EPSS Score: %1.73

Published: Oct. 23, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2018-5091

A use-after-free vulnerability can occur during WebRTC connections when interacting with the DTMF timers. This results in a potentially exploitable crash. This vulnerability affects Firefox ESR < 52.6 and Firefox < 58....

Affected Products : firefox firefox_esr ubuntu_linux enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %2.31

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2018-5102

A use-after-free vulnerability can occur when manipulating HTML media elements with media streams, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.6, Firefox ESR < 52.6, and Firefox < 58....

Affected Products : firefox firefox_esr thunderbird ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %22.11

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2018-5208

In Irssi before 1.0.6, a calculation error in the completion code could cause a heap buffer overflow when completing certain strings....

Affected Products : debian_linux irssi
EPSS Score: %0.92

Published: Jan. 06, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-9171

libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in the ReadImage function in input-bmp.c:492:24....

Affected Products : autotrace
EPSS Score: %0.40

Published: May. 23, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-3169

In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port....

Affected Products : http_server
EPSS Score: %37.70

Published: Jun. 20, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2018-7485

The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact....

Affected Products : unixodbc
EPSS Score: %0.23

Published: Feb. 26, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2018-7553

There is a heap-based buffer overflow in the pcxLoadRaster function of in_pcx.cpp in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact....

Affected Products : debian_linux sam2p
EPSS Score: %0.59

Published: Feb. 28, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2018-7760

An authorization bypass vulnerability exists in Schneider Electric's Modicon M340, Modicon Premium, Modicon Quantum PLC, BMXNOR0200. Requests to CGI functions allow malicious users to bypass authorization....

Affected Products : 140cpu65150_firmware 140cpu65160_firmware bmxnor0200h_firmware modicon_m340_bmxp341000_firmware modicon_m340_bmxp342020_firmware modicon_m340_bmxp342000_firmware modicon_m340_bmxp3420102_firmware modicon_m340_bmxp342020h_firmware modicon_m340_bmxp3420302_firmware modicon_m340_bmxp3420302h_firmware +104 more products
EPSS Score: %0.15

Published: Apr. 18, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-5376

Use-after-free while manipulating XSL in XSLT documents. This vulnerability affects Thunderbird < 45.7, Firefox ESR < 45.7, and Firefox < 51....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %2.03

Published: Jun. 11, 2018

Modified: Nov. 21, 2024

Showing 20 of 291779 Results

1
...
1482
1483
1484
1485
1486
1487
1488
...
14589

Latest CVE Feed

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable