Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2017-16052

    `node-fabric` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

    Affected Products : node-fabric
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16051

    `sqliter` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

    Affected Products : sqliter
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16050

    `sqlite.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

    Affected Products : sqlite.js
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16049

    `nodesqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

    Affected Products : nodesqlite
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16048

    `node-sqlite` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

    Affected Products : node-sqlite
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16047

    mysqljs was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

    Affected Products : mysqljs
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16046

    `mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

    Affected Products : mariadb
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16045

    `jquery.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

    Affected Products : jquery.js
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16044

    `d3.js` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm.

    Affected Products : d3.js
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-16043

    Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3.

    Affected Products : shout
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-16042

    Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.

    Affected Products : growl
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2017-16041

    ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.

    Affected Products : ikst
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2017-16040

    gfe-sass is a library for promises (CommonJS/Promises/A,B,D). gfe-sass downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attack...

    Affected Products : gfe-sass
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16039

    `hftp` is a static http or ftp server. `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

    Affected Products : hftp
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16038

    `f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring elevated privileges to run.

    Affected Products : f2e-server
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16037

    `gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.

    Affected Products : gomeplus-h5-proxy
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16036

    `badjs-sourcemap-server` receives files sent by `badjs-sourcemap`. `badjs-sourcemap-server` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

    Affected Products : badjs-sourcemap-server
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 9.3

    HIGH
    CVE-2017-16035

    The hubl-server module is a wrapper for the HubL Development Server. During installation, hubl-server downloads a set of dependencies from api.hubapi.com. It appears in the code that these files are downloaded over HTTPS; however, the api.hubapi.com endpoint...

    Affected Products : hubl-server
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16031

    Socket.io is a realtime application framework that provides communication via websockets. Because socket.io 0.9.6 and earlier depends on `Math.random()` to create socket IDs, the IDs are predictable. An attacker is able to guess the socket ID and gain acc...

    Affected Products : socket.io
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-16030

    Useragent is used to parse useragent headers. It uses several regular expressions to accomplish this. An attacker could edit their own headers, creating an arbitrarily long useragent string, causing the event loop and server to block. This affects Userage...

    Affected Products : useragent
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292818 Results