Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2017-7861

Google gRPC before 2017-02-22 has an out-of-bounds write related to the gpr_free function in core/lib/support/alloc.c....

Affected Products : grpc
EPSS Score: %1.55

Published: Apr. 14, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-7824

A buffer overflow occurs when drawing and validating elements with the ANGLE graphics library, used for WebGL content. This is due to an incorrect value being passed within the library during checks and results in a potentially exploitable crash. This vul...

Affected Products : firefox firefox_esr thunderbird debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_eus enterprise_linux_aus
EPSS Score: %15.37

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7858

FreeType 2 before 2017-03-07 has an out-of-bounds write related to the TT_Get_MM_Var function in truetype/ttgxvar.c and the sfnt_init_face function in sfnt/sfobjs.c....

Affected Products : freetype
EPSS Score: %0.58

Published: Apr. 14, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-7859

FFmpeg before 2017-03-05 has an out-of-bounds write caused by a heap-based buffer overflow related to the ff_h264_slice_context_init function in libavcodec/h264dec.c....

Affected Products : ffmpeg
EPSS Score: %0.99

Published: Apr. 14, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-7925

A Password in Configuration File issue was discovered in Dahua DH-IPC-HDBW23A0RN-ZS, DH-IPC-HDBW13A0SN, DH-IPC-HDW1XXX, DH-IPC-HDW2XXX, DH-IPC-HDW4XXX, DH-IPC-HFW1XXX, DH-IPC-HFW2XXX, DH-IPC-HFW4XXX, DH-SD6CXX, DH-NVR1XXX, DH-HCVR4XXX, DH-HCVR5XXX, DHI-HC...

Affected Products : dh-ipc-hdbw23a0rn-zs_firmware dh-ipc-hdbw13a0sn_firmware dh-ipc-hdw1xxx_firmware dh-ipc-hdw2xxx_firmware dh-ipc-hdw4xxx_firmware dh-ipc-hfw1xxx_firmware dh-ipc-hfw2xxx_firmware dh-ipc-hfw4xxx_firmware dh-sd6cxx_firmware dh-nvr1xxx_firmware +20 more products
EPSS Score: %78.95

Published: May. 06, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-8013

EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before patch 130 contains undocumented accounts with hard-coded passwords and various privileges. Affected accounts are: "Apollo System Test", "emc.dpa.agent.logon" and "emc.dpa.metrics.logon". A...

Affected Products : data_protection_advisor
EPSS Score: %1.38

Published: Mar. 16, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7786

A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %11.01

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7802

A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are acc...

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %3.04

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7728

On iSmartAlarm cube devices, there is authentication bypass leading to remote execution of commands (e.g., setting the alarm on/off), related to incorrect cryptography....

Affected Products : cubeone_firmware cubeone
EPSS Score: %2.12

Published: Jul. 11, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-7750

A use-after-free vulnerability during video control operations when a "<track>" element holds a reference to an older window if that window has been replaced in the DOM. This results in a potentially exploitable crash. This vulnerability affects Firefox <...

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %1.97

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7862

FFmpeg before 2017-02-07 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame function in libavcodec/pictordec.c....

Affected Products : ffmpeg
EPSS Score: %1.66

Published: Apr. 14, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-7751

A use-after-free vulnerability with content viewer listeners that results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %1.97

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7719

SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php....

Affected Products : spider_event_calendar spider_calendar
EPSS Score: %1.22

Published: Apr. 12, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-7793

A use-after-free vulnerability can occur in the Fetch API when the worker or the associated window are freed when still in use, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 56, Firefox ESR < 52.4, and Thunderbird < 52...

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %3.24

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7749

A use-after-free vulnerability when using an incorrect URL during the reloading of a docshell. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thunderbird < 52.2....

Affected Products : firefox firefox_esr thunderbird enterprise_linux debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus
EPSS Score: %1.97

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7695

Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code....

Affected Products : bigtree_cms
EPSS Score: %0.39

Published: Apr. 11, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-7866

FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c....

Affected Products : ffmpeg
EPSS Score: %1.64

Published: Apr. 14, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-7757

A use-after-free vulnerability in IndexedDB when one of its objects is destroyed in memory while a method on it is still being executed. This results in a potentially exploitable crash. This vulnerability affects Firefox < 54, Firefox ESR < 52.2, and Thun...

Affected Products : firefox firefox_esr thunderbird debian_linux
EPSS Score: %1.97

Published: Jun. 11, 2018

Modified: Nov. 21, 2024
9.8

CRITICAL

CVE-2017-7673

Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection....

Affected Products : openmeetings
EPSS Score: %0.40

Published: Jul. 17, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-7576

DragonWave Horizon 1.01.03 wireless radios have hardcoded login credentials (such as the username of energetic and password of wireless) meant to allow the vendor to access the devices. These credentials can be used in the web interface or by connecting t...

Affected Products : horizon_wireless_radio_firmware horizon_wireless_radio
EPSS Score: %0.34

Published: Apr. 06, 2017

Modified: Apr. 20, 2025

Showing 20 of 292319 Results

1
...
1295
1296
1297
1298
1299
1300
1301
...
14616

Browse by Apps

Latest CVE Feed

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

9.8

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable