Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-16115

    The timespan module is vulnerable to regular expression denial of service. Given 50k characters of untrusted user input it will block the event loop for around 10 seconds.... Read more

    Affected Products : timespan
    • EPSS Score: %0.28
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16114

    The marked module is vulnerable to a regular expression denial of service. Based on the information published in the public issue, 1k characters can block for around 6 seconds.... Read more

    Affected Products : marked
    • EPSS Score: %0.27
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16113

    The parsejson module is vulnerable to regular expression denial of service when untrusted user input is passed into it to be parsed.... Read more

    Affected Products : parsejson
    • EPSS Score: %0.30
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16111

    The content module is a module to parse HTTP Content-* headers. It is used by the hapijs framework to provide this functionality. The module is vulnerable to regular expression denial of service when passed a specifically crafted Content-Type or Content-D... Read more

    Affected Products : content
    • EPSS Score: %0.33
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16110

    weather.swlyons is a simple web server for weather updates. weather.swlyons is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.... Read more

    Affected Products : weather.swlyons
    • EPSS Score: %0.56
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-16109

    easyquick is a simple web server. easyquick is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Access is constrained, however, to supported file types. Requesting a file such as /etc/pass... Read more

    Affected Products : easyquick
    • EPSS Score: %0.19
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16108

    gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.... Read more

    Affected Products : gaoxiaotingtingting
    • EPSS Score: %0.56
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16107

    pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.... Read more

    Affected Products : pooledwebsocket
    • EPSS Score: %0.56
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16106

    tmock is a static file server. tmock is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.... Read more

    Affected Products : tmock
    • EPSS Score: %0.56
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16105

    serverwzl is a simple http server. serverwzl is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.... Read more

    Affected Products : serverwzl
    • EPSS Score: %0.56
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16104

    citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.... Read more

    Affected Products : citypredict.whauwiller
    • EPSS Score: %0.56
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16103

    serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.... Read more

    Affected Products : serveryztyzt
    • EPSS Score: %0.56
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16102

    serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.... Read more

    Affected Products : serverhuwenhui
    • EPSS Score: %0.56
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16101

    serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.... Read more

    Affected Products : serverwg
    • EPSS Score: %0.56
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-16100

    dns-sync is a sync/blocking dns resolver. If untrusted user input is allowed into the resolve() method then command injection is possible.... Read more

    Affected Products : dns-sync
    • EPSS Score: %5.61
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16099

    The no-case module is vulnerable to regular expression denial of service. When malicious untrusted user input is passed into no-case it can block the event loop causing a denial of service condition.... Read more

    Affected Products : no-case
    • EPSS Score: %0.33
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16098

    charset 1.0.0 and below are vulnerable to regular expression denial of service. Input of around 50k characters is required for a slow down of around 2 seconds. Unless node was compiled using the -DHTTP_MAX_HEADER_SIZE= option the default header max length... Read more

    Affected Products : charset
    • EPSS Score: %0.33
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16097

    tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.... Read more

    Affected Products : tiny-http
    • EPSS Score: %0.56
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16096

    serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.... Read more

    Affected Products : serveryaozeyan
    • EPSS Score: %0.56
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-16095

    serverliujiayi1 is a simple http server. serverliujiayi1 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.... Read more

    Affected Products : serverliujiayi1
    • EPSS Score: %0.56
    • Published: Jun. 07, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292316 Results