Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-1000196

    October CMS build 412 is vulnerable to PHP code execution in the asset manager functionality resulting in site compromise and possibly other applications on the server.... Read more

    Affected Products : october
    • EPSS Score: %1.06
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000362

    The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encrypt them. These backups were world-readable and not remo... Read more

    Affected Products : jenkins
    • EPSS Score: %1.23
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000192

    Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File Inclusion in the functionality of javascript files inclusion. The attacker can read the configuration files that contain the login and password from the database, private encryption key,... Read more

    Affected Products : syspass
    • EPSS Score: %0.19
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000173

    Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer result... Read more

    Affected Products : gravity
    • EPSS Score: %1.12
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000212

    Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code.... Read more

    Affected Products : alchemist-server
    • EPSS Score: %1.87
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000171

    Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to the Mahara access log in plain text.... Read more

    Affected Products : mahara_mobile
    • EPSS Score: %0.33
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000172

    Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. An example of a Heap-Use-After-Free after the 'sublexer' pointer has been freed. Line 542 of gravity_lexer.c. 'lexer' is being used to access a variable but 'lexer' has already been fre... Read more

    Affected Products : gravity
    • EPSS Score: %1.13
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000152

    Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 are vulnerable to one user being logged in as another user on a separate computer as the same session ID is served. This situation can occur when a user takes an action that forces anoth... Read more

    Affected Products : mahara
    • EPSS Score: %0.34
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000154

    Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before 16.04.2 are vulnerable to some authentication methods, which do not use Mahara's built-in login form, still allowing users to log in even if their institution was expired or suspended.... Read more

    Affected Products : mahara
    • EPSS Score: %0.61
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000081

    Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of applications (.oar) resulting in remote code execution.... Read more

    Affected Products : onos
    • EPSS Score: %8.81
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000030

    Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Java Key Store Password Disclosure vulnerability, that makes it possible to provide an unauthenticated attacker plain text password of administrative user and grant access to t... Read more

    Affected Products : glassfish_server
    • EPSS Score: %3.58
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000074

    Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function.... Read more

    Affected Products : gravity
    • EPSS Score: %0.85
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000009

    Akeneo PIM CE and EE <1.6.6, <1.5.15, <1.4.28 are vulnerable to shell injection in the mass edition, resulting in remote execution.... Read more

    Affected Products : product_information_management
    • EPSS Score: %11.10
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000003

    ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control check vulnerability in the Social Application component resulting in privilege escalation. ATutor versions 2.2.1 and earlier are vulnerable to an incorrect access control chec... Read more

    Affected Products : atutor
    • EPSS Score: %0.28
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000037

    RVM automatically loads environment variables from files in $PWD resulting in command execution RVM vulnerable to command injection when automatically loading environment variables from files in $PWD RVM automatically executes hooks located in $PWD result... Read more

    Affected Products : rvm
    • EPSS Score: %21.71
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2020-12823

    OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.... Read more

    Affected Products : fedora debian_linux leap openconnect
    • EPSS Score: %1.51
    • Published: May. 12, 2020
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-0907

    The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, 1.4.14, 1.5.3, 1.6.2, 1.7.1, 1.8.1 is vulnerable to a Server-Side Request Forgery vulnerability due to incorrect use of "Uri.EscapeUriString" that could result in compromise of API keys o... Read more

    Affected Products : recurly_client_.net
    • EPSS Score: %0.52
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-0906

    The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, 2.4.5, 2.5.1, 2.6.2 is vulnerable to a Server-Side Request Forgery vulnerability in the "Resource.get" method that could result in compromise of API keys or other critical resources.... Read more

    Affected Products : recurly_client_python
    • EPSS Score: %0.52
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-41730

    In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint. The attacker can fully compromise the system resulting in High impact on ... Read more

    • Published: Aug. 13, 2024
    • Modified: Sep. 12, 2024

  • 9.8

    CRITICAL
    CVE-2017-0903

    RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a possible remote code execution vulnerability. YAML deserialization of gem specifications can bypass class white lists. Specially crafted serialized objects can possibly be used to escalate to ... Read more

    • EPSS Score: %4.90
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292495 Results