Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2019-14901

    A heap overflow flaw was found in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The vulnerability allows a remote attacker to cause a system crash, resulting in a denial of service, or execute arbitrary code. T... Read more

    • Published: Nov. 29, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-0028

    A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An a... Read more

    Affected Products : edge
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-9967

    Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privi... Read more

    Affected Products : samsung_mobile
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-9961

    game-music-emu before 0.6.1 mishandles unspecified integer values.... Read more

    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-9966

    Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privi... Read more

    Affected Products : samsung_mobile
    • Published: Dec. 16, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2018-7445

    A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before... Read more

    Affected Products : routeros
    • Actively Exploited
    • Published: Mar. 19, 2018
    • Modified: Aug. 15, 2025

  • 10.0

    HIGH
    CVE-2018-5070

    Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the curren... Read more

    • Published: Jul. 20, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-4977

    Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user... Read more

    • Published: Jul. 09, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-9682

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to two Remote Command Injection vulnerabilities in its web administrative interface. These vulnerabilities occur in the diagnostics CGI (/cgi-bin/diagnostics) component respons... Read more

    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2018-4169

    In macOS High Sierra before 10.13.3, Security Update 2018-001 Sierra, and Security Update 2018-001 El Capitan, an out-of-bounds read was addressed with improved input validation.... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Jan. 11, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-4059

    An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administra... Read more

    Affected Products : coturn
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-9683

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'extensionsettings' CGI (/cgi-bin/extensionsettings) component... Read more

    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2024-40628

    JumpServer is an open-source Privileged Access Management (PAM) tool that provides DevOps and IT teams with on-demand and secure access to SSH, RDP, Kubernetes, Database and RemoteApp endpoints through a web browser. An attacker can exploit the ansible pl... Read more

    Affected Products : jumpserver
    • Published: Jul. 18, 2024
    • Modified: Mar. 25, 2025

  • 10.0

    HIGH
    CVE-2016-9568

    A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions.... Read more

    Affected Products : carbon_black
    • Published: Feb. 19, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2018-16158

    Eaton Power Xpert Meter 4000, 6000, and 8000 devices before 13.4.0.10 have a single SSH private key across different customers' installations and do not properly restrict access to this key, which makes it easier for remote attackers to perform SSH logins... Read more

    • Published: Aug. 30, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-9358

    A Hard-Coded Passwords issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dua... Read more

    • Published: Jun. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-9498

    ManageEngine Applications Manager 12 and 13 before build 13200, allows unserialization of unsafe Java objects. The vulnerability can be exploited by remote user without authentication and it allows to execute remote code compromising the application as we... Read more

    Affected Products : manageengine_applications_manager
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2016-9335

    A hard-coded cryptographic key vulnerability was identified in Red Lion Controls Sixnet-Managed Industrial Switches running firmware Version 5.0.196 and Stride-Managed Ethernet Switches running firmware Version 5.0.190. Vulnerable versions of Stride-Manag... Read more

    • Published: May. 09, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-9150

    Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via un... Read more

    Affected Products : pan-os
    • Published: Nov. 19, 2016
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2017-7494

    Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.... Read more

    Affected Products : debian_linux samba
    • Actively Exploited
    • Published: May. 30, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293280 Results