Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-5810

    A remote sql injection vulnerability in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.... Read more

    Affected Products : network_automation
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2021-31895

    A vulnerability has been identified in RUGGEDCOM i800 (All versions < V4.3.7), RUGGEDCOM i801 (All versions < V4.3.7), RUGGEDCOM i802 (All versions < V4.3.7), RUGGEDCOM i803 (All versions < V4.3.7), RUGGEDCOM M2100 (All versions < V4.3.7), RUGGEDCOM M2200... Read more

    • Published: Jul. 13, 2021
    • Modified: May. 13, 2025

  • 9.8

    CRITICAL
    CVE-2017-5879

    An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL injection that can be exploited by un-authenticated users via an HTTP GET request and which can be used to dump database data out to a malicious server, using an out-of-band technique, suc... Read more

    Affected Products : exponent_cms
    • Published: Feb. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5830

    Revive Adserver before 4.0.1 allows remote attackers to execute arbitrary code via serialized data in the cookies related to the delivery scripts.... Read more

    Affected Products : revive_adserver
    • Published: Mar. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5668

    bitlbee-libpurple before 3.5.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) and possibly execute arbitrary code via a file transfer request for a contact that is not in the contact list. NOTE: this vulnerabili... Read more

    Affected Products : bitlbee bitlbee-libpurple
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-29971

    If a user had granted a permission to a webpage and saved that grant, any webpage running on the same host - irrespective of scheme or port - would be granted that permission. *This bug only affects Firefox for Android. Other operating systems are unaffec... Read more

    Affected Products : firefox
    • Published: Aug. 05, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-5642

    During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs.... Read more

    Affected Products : ambari
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-29462

    The Portable SDK for UPnP Devices is an SDK for development of UPnP device and control point applications. The server part of pupnp (libupnp) appears to be vulnerable to DNS rebinding attacks because it does not check the value of the `Host` header. This ... Read more

    Affected Products : pupnp
    • Published: Apr. 20, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-5677

    PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression.... Read more

    Affected Products : html_ajax
    • Published: Feb. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5600

    The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account.... Read more

    Affected Products : oncommand_insight
    • Published: Feb. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2021-27852

    Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. This issue affects: Checkbox Survey versions prior to 7.... Read more

    Affected Products : survey
    • Actively Exploited
    • Published: May. 27, 2021
    • Modified: Feb. 19, 2025

  • 9.8

    CRITICAL
    CVE-2021-27103

    Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.... Read more

    Affected Products : fta
    • Actively Exploited
    • Published: Feb. 16, 2021
    • Modified: Feb. 04, 2025

  • 9.8

    CRITICAL
    CVE-2017-5575

    SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter.... Read more

    Affected Products : genixcms
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5651

    In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the refactoring of the HTTP connectors introduced a regression in the send file processing. If the send file processing completed quickly, it was possible for the Processor to be added to the pro... Read more

    Affected Products : tomcat
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5574

    SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter.... Read more

    Affected Products : genixcms
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5569

    An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the template.jsp, which can be exploited without the need of authentication and via an HTTP POST request, and which can be used to dump database da... Read more

    Affected Products : patient_portal
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5581

    Buffer overflow in the ModifiablePixelBuffer::fillRect function in TigerVNC before 1.7.1 allows remote servers to execute arbitrary code via an RRE message with subrectangle outside framebuffer boundaries.... Read more

    Affected Products : tigervnc
    • Published: Feb. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5533

    A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analy... Read more

    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5511

    coders/psd.c in ImageMagick allows remote attackers to have unspecified impact by leveraging an improper cast, which triggers a heap-based buffer overflow.... Read more

    Affected Products : debian_linux imagemagick
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5484

    The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().... Read more

    Affected Products : tcpdump
    • Published: Jan. 28, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293353 Results