Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2012-2773

    Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.... Read more

    Affected Products : ffmpeg
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2012-2771

    Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2773, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.... Read more

    Affected Products : ffmpeg
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9370

    An information disclosure / elevation of privilege vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker who has legitimate access to BlackBerry Workspaces to gain access to another user's workspace by making multiple login... Read more

    Affected Products : workspaces
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-7764

    Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.... Read more

    Affected Products : lemur
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-6941

    win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs.... Read more

    Affected Products : salt salt_2015
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2015-5619

    Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack... Read more

    Affected Products : logstash logstash
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-4165

    The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location th... Read more

    Affected Products : elasticsearch
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-3405

    ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow remote att... Read more

    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12754

    Stack buffer overflow in httpd in Asuswrt-Merlin firmware 380.67_0RT-AC5300 and earlier for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51... Read more

    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.6

    MEDIUM
    CVE-2017-5695

    Data corruption vulnerability in firmware in Intel Solid-State Drive Consumer, Professional, Embedded, Data Center affected firmware versions LSBG200, LSF031C, LSF036C, LBF010C, LSBG100, LSF031C, LSF036C, LBF010C, LSF031P, LSF036P, LBF010P, LSF031P, LSF03... Read more

    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2017-5694

    Data corruption vulnerability in firmware in Intel Solid-State Drive Professional PSF104P, PSF109P allows local users to cause a denial of service via unspecified vectors.... Read more

    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-5716

    The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node.... Read more

    Affected Products : puppet_enterprise
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-11506

    When linking a Nessus scanner or agent to Tenable.io or other manager, Nessus 6.x before 6.11 does not verify the manager's TLS certificate when making the initial outgoing connection. This could allow man-in-the-middle attacks.... Read more

    Affected Products : nessus
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8691

    Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacker to execute code remotely on a target system when the Windows font library fails to properly handle specially crafted embedded fonts, aka "Express Compressed Fonts Remote Code Executio... Read more

    Affected Products : windows_7 windows_server_2008
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8674

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memo... Read more

    Affected Products : edge windows_10
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-8673

    The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability."... Read more

    Affected Products : windows_10
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8672

    Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects ... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8671

    Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects ... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8670

    Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in mem... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8669

    Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the... Read more

    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294850 Results