Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.8

    HIGH
    CVE-2018-15688

    A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239....

    • Published: Oct. 26, 2018
    • Modified: Jun. 09, 2025
  • 7.8

    HIGH
    CVE-2018-15687

    A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239....

    Affected Products : ubuntu_linux systemd
    • Published: Oct. 26, 2018
    • Modified: Jun. 09, 2025
  • 7.8

    HIGH
    CVE-2018-15686

    A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected r...

    • Published: Oct. 26, 2018
    • Modified: Jun. 09, 2025
  • 9.8

    CRITICAL
    CVE-2018-1000517

    BusyBox project BusyBox wget version prior to commit 8e2174e9bd836e53c8b9c6e00d1bc6e2a718686e contains a Buffer Overflow vulnerability in Busybox wget that can result in heap buffer overflow. This attack appears to be exploitable via network connectivity. ...

    Affected Products : ubuntu_linux debian_linux busybox
    • Published: Jun. 26, 2018
    • Modified: Jun. 09, 2025
  • 8.1

    HIGH
    CVE-2018-1000500

    Busybox contains a Missing SSL certificate validation vulnerability in the "busybox wget" applet that can result in arbitrary code execution. This attack appears to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromi...

    Affected Products : busybox
    • Published: Jun. 26, 2018
    • Modified: Jun. 09, 2025
  • 7.5

    HIGH
    CVE-2018-1000168

    nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network clie...

    Affected Products : debian_linux node.js nghttp2
    • Published: May. 08, 2018
    • Modified: Jun. 09, 2025
  • 7.1

    HIGH
    CVE-2017-18018

    In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not prevent replacement of a plain file with a symlink during use of the POSIX "-R -L" options, which allows local users to modify the ownership of arbitrary files by leveraging a race co...

    Affected Products : coreutils
    • Published: Jan. 04, 2018
    • Modified: Jun. 09, 2025
  • 8.8

    HIGH
    CVE-2017-16544

    In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. T...

    • Published: Nov. 20, 2017
    • Modified: Jun. 09, 2025
  • 5.5

    MEDIUM
    CVE-2017-15874

    archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an Integer Underflow that leads to a read access violation....

    Affected Products : busybox
    • Published: Oct. 24, 2017
    • Modified: Jun. 09, 2025
  • 5.5

    MEDIUM
    CVE-2017-15873

    The get_next_block function in archival/libarchive/decompress_bunzip2.c in BusyBox 1.27.2 has an Integer Overflow that may lead to a write access violation....

    Affected Products : ubuntu_linux debian_linux busybox
    • Published: Oct. 24, 2017
    • Modified: Jun. 09, 2025
  • 9.8

    CRITICAL
    CVE-2017-12652

    libpng before 1.6.32 does not properly check the length of chunks against the user limit....

    Affected Products : active_iq_unified_manager libpng
    • Published: Jul. 10, 2019
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2016-3189

    Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block....

    Affected Products : python bzip2
    • Published: Jun. 30, 2016
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2016-2781

    chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer....

    Affected Products : coreutils
    • Published: Feb. 07, 2017
    • Modified: Jun. 09, 2025
  • 8.8

    HIGH
    CVE-2015-0973

    Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495....

    Affected Products : libpng mac_os_x solaris
    • Published: Jan. 18, 2015
    • Modified: Jun. 09, 2025
  • 10.0

    HIGH
    CVE-2014-9495

    Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image....

    Affected Products : libpng mac_os_x
    • Published: Jan. 10, 2015
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2013-7354

    Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which triggers a heap-based buffer overflow....

    Affected Products : libpng
    • Published: May. 06, 2014
    • Modified: Jun. 09, 2025
  • 6.5

    MEDIUM
    CVE-2013-7353

    Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash) via a crafted image, which triggers a heap-based buffer...

    Affected Products : libpng
    • Published: May. 06, 2014
    • Modified: Jun. 09, 2025
  • 5.0

    MEDIUM
    CVE-2013-4392

    systemd, when updating file permissions, allows local users to change the permissions and SELinux security contexts for arbitrary files via a symlink attack on unspecified files....

    Affected Products : systemd systemd
    • Published: Oct. 28, 2013
    • Modified: Jun. 09, 2025
  • 8.8

    HIGH
    CVE-2011-3045

    Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute ...

    • Published: Mar. 22, 2012
    • Modified: Jun. 09, 2025
  • 5.5

    MEDIUM
    CVE-2023-36266

    An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 (fixed in 17.2), and the KeeperFill Browser Extensions version 16.5.4 (fixed in 17.2), allows local attackers to gain sensitive information via plaintext password storage in me...

    Affected Products : keeper keeperfill
    • Published: Jul. 12, 2023
    • Modified: Jun. 09, 2025
Showing 20 of 292860 Results