Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2019-18276

    An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does s...

    • Published: Nov. 28, 2019
    • Modified: Jun. 09, 2025
  • 9.8

    CRITICAL
    CVE-2019-12900

    BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

    • Published: Jun. 19, 2019
    • Modified: Jun. 09, 2025
  • 7.8

    HIGH
    CVE-2018-6954

    systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later r...

    Affected Products : ubuntu_linux leap systemd systemd
    • Published: Feb. 13, 2018
    • Modified: Jun. 09, 2025
  • 7.5

    HIGH
    CVE-2018-20679

    An issue was discovered in BusyBox before 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP server, client, and relay) allows a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is r...

    • Published: Jan. 09, 2019
    • Modified: Jun. 09, 2025
  • 8.8

    HIGH
    CVE-2018-15688

    A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.

    • Published: Oct. 26, 2018
    • Modified: Jun. 09, 2025
  • 7.8

    HIGH
    CVE-2018-15687

    A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.

    Affected Products : ubuntu_linux systemd
    • Published: Oct. 26, 2018
    • Modified: Jun. 09, 2025
  • 7.8

    HIGH
    CVE-2018-15686

    A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected r...

    • Published: Oct. 26, 2018
    • Modified: Jun. 09, 2025
  • 9.8

    CRITICAL
    CVE-2018-1000517

    BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. ...

    Affected Products : ubuntu_linux debian_linux busybox
    • Published: Jun. 26, 2018
    • Modified: Jun. 09, 2025
  • 8.1

    HIGH
    CVE-2018-1000500

    Busybox contains a Missing SSL certificate validation vulnerability in the "busybox wget" applet that can result in arbitrary code execution. This attack appears to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromi...

    Affected Products : busybox
    • Published: Jun. 26, 2018
    • Modified: Jun. 09, 2025
  • 7.5

    HIGH
    CVE-2018-1000168

    nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network clie...

    Affected Products : debian_linux node.js nghttp2
    • Published: May. 08, 2018
    • Modified: Jun. 09, 2025
  • 7.1

    HIGH
    CVE-2017-18018

    In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race co...

    Affected Products : coreutils
    • Published: Jan. 04, 2018
    • Modified: Jun. 09, 2025
  • 8.8

    HIGH
    CVE-2017-16544

    In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. T...

    • Published: Nov. 20, 2017
    • Modified: Jun. 09, 2025
  • 5.5

    MEDIUM
    CVE-2017-15874

    archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation.

    Affected Products : busybox
    • Published: Oct. 24, 2017
    • Modified: Jun. 09, 2025
  • 5.5

    MEDIUM
    CVE-2017-15873

    The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation.

    Affected Products : ubuntu_linux debian_linux busybox
    • Published: Oct. 24, 2017
    • Modified: Jun. 09, 2025
  • 9.8

    CRITICAL
    CVE-2017-12652

    libpng before 1.6.32 does not properly check the length of chunks against the user limit.

    Affected Products : active_iq_unified_manager libpng
    • Published: Jul. 10, 2019
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2016-3189

    Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

    Affected Products : python bzip2
    • Published: Jun. 30, 2016
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2016-2781

    chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

    Affected Products : coreutils
    • Published: Feb. 07, 2017
    • Modified: Jun. 09, 2025
  • 8.8

    HIGH
    CVE-2015-0973

    Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

    Affected Products : libpng mac_os_x solaris
    • Published: Jan. 18, 2015
    • Modified: Jun. 09, 2025
  • 10.0

    HIGH
    CVE-2014-9495

    Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.

    Affected Products : libpng mac_os_x
    • Published: Jan. 10, 2015
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2013-7354

    Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow.

    Affected Products : libpng
    • Published: May. 06, 2014
    • Modified: Jun. 09, 2025