Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is known to be actively exploited (i.e. listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • CVE-2017-16047 (CVSS 7.5, HIGH)

    mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm....

    Affected Products: mysqljs
    • EPSS Score: 0.28%
    • Published: May 29, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16046 (CVSS 7.5, HIGH)

    `mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm....

    Affected Products: mariadb
    • EPSS Score: 0.27%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16045 (CVSS 7.5, HIGH)

    `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm....

    Affected Products: jquery.js
    • EPSS Score: 0.27%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16044 (CVSS 7.5, HIGH)

    `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm....

    Affected Products: d3.js
    • EPSS Score: 0.27%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16043 (CVSS 6.1, MEDIUM)

    Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3....

    Affected Products: shout
    • EPSS Score: 0.26%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16042 (CVSS 9.8, CRITICAL)

    Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution....

    Affected Products: growl
    • EPSS Score: 0.85%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16041 (CVSS 5.9, MEDIUM)

    ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks....

    Affected Products: ikst
    • EPSS Score: 0.12%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16040 (CVSS 9.3, HIGH)

    gfe-sass is a library for promises (CommonJS/Promises/A,B,D). gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attack...

    Affected Products: gfe-sass
    • EPSS Score: 0.77%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16039 (CVSS 7.5, HIGH)

    `hftp` is a static http or ftp server. `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url....

    Affected Products: hftp
    • EPSS Score: 0.56%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16038 (CVSS 7.5, HIGH)

    `f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring elevated privileges to run....

    Affected Products: f2e-server
    • EPSS Score: 0.91%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16037 (CVSS 7.5, HIGH)

    `gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL....

    Affected Products: gomeplus-h5-proxy
    • EPSS Score: 0.56%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16036 (CVSS 7.5, HIGH)

    `badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url....

    Affected Products: badjs-sourcemap-server
    • EPSS Score: 0.56%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16035 (CVSS 9.3, HIGH)

    The hubl-server module is a wrapper for the HubL Development Server. During installation hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS however the api.hubapi.com endpoint...

    Affected Products: hubl-server
    • EPSS Score: 0.19%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16031 (CVSS 7.5, HIGH)

    Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain acc...

    Affected Products: socket.io
    • EPSS Score: 0.41%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16030 (CVSS 7.5, HIGH)

    Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Userage...

    Affected Products: useragent
    • EPSS Score: 0.33%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16029 (CVSS 7.5, HIGH)

    hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path...

    Affected Products: hostr
    • EPSS Score: 0.56%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16028 (CVSS 5.3, MEDIUM)

    react-native-meteor-oauth is a library for OAuth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random())....

    Affected Products: randomatic
    • EPSS Score: 0.41%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16026 (CVSS 7.1, HIGH)

    Request is an http client. If a request is made using `multipart`, and the body type is a `number`, then the specified number of non-zero memory is passed in the body. This affects Request >=2.2.6 <2.47.0 || >2.51.0 <=2.67.0....

    Affected Products: request
    • EPSS Score: 0.86%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16025 (CVSS 5.9, MEDIUM)

    Nes is a websocket extension library for hapi. Hapi is a webserver framework. Versions below and including 6.4.0 have a denial of service vulnerability via an invalid Cookie header. This is only present when websocket authentication is set to `cookie`. Su...

    Affected Products: nes
    • EPSS Score: 0.36%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-16024 (CVSS 6.5, MEDIUM)

    The sync-exec module is used to simulate child_process.execSync in node versions <0.11.9. Sync-exec uses tmp directories as a buffer before returning values. Other users on the server have read access to the tmp directory, possibly allowing an attacker on...

    Affected Products: node.js sync-exec
    • EPSS Score: 0.28%
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024