Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-17589

    FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.... Read more

    Affected Products : thumbtack_clone
    • EPSS Score: %2.38
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17598

    Affiliate MLM Script 1.0 has SQL Injection via the product-category.php key parameter.... Read more

    Affected Products : affiliate_mlm_script
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2025-43234

    Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 11.6, iOS 18.6 and iPadOS 18.6, tvOS 18.6, macOS Sequoia 15.6, visionOS 2.6. Processing a maliciously crafted texture may lead to unexpected ap... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Jul. 30, 2025
    • Modified: Aug. 01, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2017-17479

    In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.... Read more

    Affected Products : openjpeg
    • EPSS Score: %5.62
    • Published: Dec. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17499

    ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a use-after-free in Magick::Image::read in Magick++/lib/Image.cpp.... Read more

    Affected Products : ubuntu_linux debian_linux imagemagick
    • EPSS Score: %2.03
    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17485

    FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the re... Read more

    • EPSS Score: %76.42
    • Published: Jan. 10, 2018
    • Modified: Aug. 27, 2025

  • 9.8

    CRITICAL
    CVE-2017-17480

    In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtovolume function in jp3d/convert.c. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution.... Read more

    Affected Products : ubuntu_linux openjpeg debian_linux
    • EPSS Score: %3.06
    • Published: Dec. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17422

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackup G... Read more

    Affected Products : netvault_backup
    • EPSS Score: %20.96
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17412

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of GET method r... Read more

    Affected Products : netvault_backup
    • EPSS Score: %20.96
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17414

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseSta... Read more

    Affected Products : netvault_backup
    • EPSS Score: %20.96
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17434

    The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, does not check for fnamecmp filenames in the daemon_filter_list data structure (in the recv_files function in receiver.c) and also does not apply the sanitize_paths protection mechanism t... Read more

    Affected Products : debian_linux rsync
    • EPSS Score: %1.16
    • Published: Dec. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17421

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUSelectio... Read more

    Affected Products : netvault_backup
    • EPSS Score: %20.96
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17301

    Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR1200 V200R005C20, V200R005C32, V200R006C10, V200R007C00, V200R007C01, V200R007C02, V200R008C20, AR1200-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, AR150 V200R006C10, V200R007C0... Read more

    • EPSS Score: %0.21
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17423

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUBackupSe... Read more

    Affected Products : netvault_backup
    • EPSS Score: %20.96
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17419

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUTransfer... Read more

    Affected Products : netvault_backup
    • EPSS Score: %20.96
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17420

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUJobCount... Read more

    Affected Products : netvault_backup
    • EPSS Score: %18.66
    • Published: Feb. 08, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2025-24126

    An input validation issue was addressed. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker on the local network may be able to cause unexpected system termination or corrupt process mem... Read more

    Affected Products : macos iphone_os tvos watchos ipados visionos
    • Published: Jan. 27, 2025
    • Modified: Mar. 17, 2025
    • Vuln Type: Memory Corruption

  • 9.8

    CRITICAL
    CVE-2017-17086

    Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.... Read more

    Affected Products : otter
    • EPSS Score: %0.69
    • Published: Dec. 01, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-16943

    The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via vectors involving BDAT commands.... Read more

    Affected Products : debian_linux exim
    • EPSS Score: %78.88
    • Published: Nov. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-16935

    Ametys before 4.0.3 requires authentication only for URIs containing a /cms/ substring, which allows remote attackers to bypass intended access restrictions via a direct request to /plugins/core-ui/servercomm/messages.xml, as demonstrated by changing the ... Read more

    Affected Products : ametys
    • EPSS Score: %7.14
    • Published: Nov. 24, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292737 Results