Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2016-10698

    mystem-fix is a node.js wrapper for MyStem morphology text analyzer by Yandex.ru mystem-fix downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the reque... Read more

    Affected Products : mystem-fix
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10697

    react-native-baidu-voice-synthesizer is a baidu voice speech synthesizer for react native. react-native-baidu-voice-synthesizer downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (R... Read more

    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10696

    windows-latestchromedriver downloads the latest version of chromedriver.exe. windows-latestchromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping o... Read more

    Affected Products : windows-latestchromedriver
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10695

    The npm-test-sqlite3-trunk module provides asynchronous, non-blocking SQLite3 bindings. npm-test-sqlite3-trunk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swa... Read more

    Affected Products : npm-test-sqlite3-trunk
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10694

    alto-saxophone is a module to install and launch Chromedriver for Mac, Linux or Windows. alto-saxophone versions below 2.25.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code executio... Read more

    Affected Products : alto-saxophone
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10693

    pm2-kafka is a PM2 module that installs and runs a kafka server pm2-kafka downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources wit... Read more

    Affected Products : pm2-kafka
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10692

    haxeshim haxe shim to deal with coexisting versions. haxeshim downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker contr... Read more

    Affected Products : haxeshim
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10691

    windows-seleniumjar is a module that downloads the Selenium Jar file windows-seleniumjar downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requeste... Read more

    Affected Products : windows-seleniumjar
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10690

    openframe-ascii-image module is an openframe plugin which adds support for ascii images via fim. openframe-ascii-image downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by sw... Read more

    Affected Products : openframe-ascii-image
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10689

    The windows-iedriver module downloads fixed version of iedriverserver.exe windows-iedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the reques... Read more

    Affected Products : windows-iedriver
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10688

    Haxe 3 : The Cross-Platform Toolkit (a fork from David Mouton's damoebius/haxe-npm) haxe3 downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested reso... Read more

    Affected Products : haxe
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10687

    windows-selenium-chromedriver is a module that downloads the Selenium Jar file. windows-selenium-chromedriver downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swap... Read more

    Affected Products : windows-selenium-chromedriver
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10686

    fis-sass-all is another libsass wrapper for node. fis-sass-all downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attack... Read more

    Affected Products : fis-sass-all
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10685

    pk-app-wonderbox is an integration with wonderbox pk-app-wonderbox downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an at... Read more

    Affected Products : pk-app-wonderbox
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10684

    healthcenter - IBM Monitoring and Diagnostic Tools health Center agent healthcenter downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested res... Read more

    Affected Products : healthcenter
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10683

    arcanist downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or posit... Read more

    Affected Products : arcanist
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10682

    massif is a Phantomjs fork massif downloads resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker i... Read more

    Affected Products : massif
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10681

    roslib-socketio - The standard ROS Javascript Library fork for add support to socket.io roslib-socketio downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping o... Read more

    Affected Products : roslibjs
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-10680

    adamvr-geoip-lite is a light weight native JavaScript implementation of GeoIP API from MaxMind adamvr-geoip-lite downloads geoip resources over HTTP, which leaves it vulnerable to MITM attacks. This impacts the integrity and availability of this geoip dat... Read more

    Affected Products : adamvr-geoip-lite
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2016-10679

    selenium-standalone-painful installs a start-selenium command line to start a standalone selenium server with chrome-driver. selenium-standalone-painful downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible t... Read more

    Affected Products : selenium-standalone-painful
    • Published: May. 29, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292836 Results