Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2018-8872

    In Schneider Electric Triconex Tricon MP model 3008 firmware versions 10.0-10.4, system calls read directly from memory addresses within the control program area without any verification. Manipulating this data could allow attacker data to be copied anywh... Read more

    • EPSS Score: %0.80
    • Published: May. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10559

    selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote cod... Read more

    Affected Products : selenium-download
    • EPSS Score: %0.77
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10601

    webdrvr is a npm wrapper for Selenium Webdriver including Chromedriver / IEDriver / IOSDriver / Ghostdriver. webdrvr downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) ... Read more

    Affected Products : webdrvr
    • EPSS Score: %0.55
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10567

    product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. produc... Read more

    Affected Products : product-monitor
    • EPSS Score: %0.77
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10571

    bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out th... Read more

    Affected Products : bkjs-wand
    • EPSS Score: %0.77
    • Published: May. 31, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10585

    libxl provides Node bindings for the libxl library for reading and writing excel (XLS and XLSX) spreadsheets. libxl downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) b... Read more

    Affected Products : libxl
    • EPSS Score: %0.77
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10595

    jdf-sass is a fork from node-sass, jdf use only. jdf-sass downloads executable resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested file with an attacker con... Read more

    Affected Products : jdf-sass
    • EPSS Score: %0.77
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10603

    air-sdk is a NPM wrapper for the Adobe AIR SDK. air-sdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker control... Read more

    Affected Products : air-sdk
    • EPSS Score: %0.77
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10605

    dalek-browser-ie is Internet Explorer bindings for DalekJS. dalek-browser-ie downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary wit... Read more

    Affected Products : dalekjs
    • EPSS Score: %0.55
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10606

    grunt-webdriver-qunit is a grunt plugin to run qunit with webdriver in grunt grunt-webdriver-qunit downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out th... Read more

    Affected Products : grunt-webdriver-qunit
    • EPSS Score: %0.55
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10608

    robot-js is a module for native system automation for node.js. robot-js downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an ... Read more

    Affected Products : robot-js
    • EPSS Score: %0.86
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10620

    atom-node-module-installer installs node modules for atom-shell applications. atom-node-module-installer binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the re... Read more

    Affected Products : atom-node-module-installer
    • EPSS Score: %0.77
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10622

    nodeschnaps is a NodeJS compatibility layer for Java (Rhino). nodeschnaps downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with a... Read more

    Affected Products : nodeschnaps
    • EPSS Score: %0.77
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10624

    selenium-chromedriver is a simple utility for downloading the Selenium Webdriver for Google Chrome selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (R... Read more

    Affected Products : selenium-chromedriver
    • EPSS Score: %0.55
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10628

    selenium-wrapper is a selenium server wrapper, including installation and chrome webdriver. selenium-wrapper downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapp... Read more

    Affected Products : selenium-wrapper
    • EPSS Score: %0.55
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10629

    nw-with-arm is a NW Installer including ARM-Build. nw-with-arm downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker ... Read more

    Affected Products : nw-with-arm
    • EPSS Score: %0.77
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10631

    jvminstall is a module for downloading and unpacking jvm to local system. jvminstall downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested bi... Read more

    Affected Products : jvminstall
    • EPSS Score: %0.77
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10632

    apk-parser2 is a module which extracts Android Manifest info from an APK file. apk-parser2 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the reques... Read more

    Affected Products : apk-parser2
    • EPSS Score: %0.77
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10633

    dwebp-bin is a dwebp node.js wrapper that convert WebP into PNG. dwebp-bin downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with ... Read more

    Affected Products : dwebp-bin
    • EPSS Score: %0.55
    • Published: Jun. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    CRITICAL
    CVE-2023-46116

    Tutanota (Tuta Mail) is an encrypted email provider. Tutanota allows users to open links in emails in external applications. Prior to version 3.118.12, it correctly blocks the `file:` URL scheme, which can be used by malicious actors to gain code executio... Read more

    Affected Products : tutanota
    • EPSS Score: %0.87
    • Published: Dec. 15, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 292387 Results