Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2017-16544

    In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. T...

    • Published: Nov. 20, 2017
    • Modified: Jun. 09, 2025
  • 5.5

    MEDIUM
    CVE-2017-15874

    archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation....

    Affected Products : busybox
    • Published: Oct. 24, 2017
    • Modified: Jun. 09, 2025
  • 5.5

    MEDIUM
    CVE-2017-15873

    The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation....

    Affected Products : ubuntu_linux debian_linux busybox
    • Published: Oct. 24, 2017
    • Modified: Jun. 09, 2025
  • 9.8

    CRITICAL
    CVE-2017-12652

    libpng before 1.6.32 does not properly check the length of chunks against the user limit....

    Affected Products : active_iq_unified_manager libpng
    • Published: Jul. 10, 2019
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2016-3189

    Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block....

    Affected Products : python bzip2
    • Published: Jun. 30, 2016
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2016-2781

    chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer....

    Affected Products : coreutils
    • Published: Feb. 07, 2017
    • Modified: Jun. 09, 2025
  • 8.8

    HIGH
    CVE-2015-0973

    Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495....

    Affected Products : libpng mac_os_x solaris
    • Published: Jan. 18, 2015
    • Modified: Jun. 09, 2025
  • 10.0

    HIGH
    CVE-2014-9495

    Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image....

    Affected Products : libpng mac_os_x
    • Published: Jan. 10, 2015
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2013-7354

    Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow....

    Affected Products : libpng
    • Published: May. 06, 2014
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2013-7353

    Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer...

    Affected Products : libpng
    • Published: May. 06, 2014
    • Modified: Jun. 09, 2025
  • 5.0

    MEDIUM
    CVE-2013-4392

    systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files....

    Affected Products : systemd systemd
    • Published: Oct. 28, 2013
    • Modified: Jun. 09, 2025
  • 8.8

    HIGH
    CVE-2011-3045

    Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute ...

    • Published: Mar. 22, 2012
    • Modified: Jun. 09, 2025
  • 5.5

    MEDIUM
    CVE-2023-36266

    An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 (fixed in 17.2), and the KeeperFill Browser Extensions version 16.5.4 (fixed in 17.2), allows local attackers to gain sensitive information via plaintext password storage in me...

    Affected Products : keeper keeperfill
    • Published: Jul. 12, 2023
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2023-34969

    D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. If a privileged user with control over the dbus-daemon is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, then an unprivileged user with the ...

    Affected Products : fedora debian_linux dbus
    • Published: Jun. 08, 2023
    • Modified: Jun. 09, 2025
  • 7.7

    HIGH
    CVE-2023-27538

    An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously us...

    • Published: Mar. 30, 2023
    • Modified: Jun. 09, 2025
  • 5.9

    MEDIUM
    CVE-2023-27535

    An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they...

    • Published: Mar. 30, 2023
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2022-42012

    An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in...

    Affected Products : fedora dbus
    • Published: Oct. 10, 2022
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2022-42011

    An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inco...

    Affected Products : fedora dbus
    • Published: Oct. 10, 2022
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2022-42010

    An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type sig...

    Affected Products : fedora dbus
    • Published: Oct. 10, 2022
    • Modified: Jun. 09, 2025
  • 7.1

    HIGH
    CVE-2022-29458

    ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library....

    Affected Products : debian_linux macos ncurses
    • Published: Apr. 18, 2022
    • Modified: Jun. 09, 2025
Showing 20 of 293328 Results