Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-20148

    In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls.... Read more

    Affected Products : logcheck
    • EPSS Score: %0.11
    • Published: Sep. 20, 2022
    • Modified: May. 29, 2025

  • 9.8

    CRITICAL
    CVE-2017-18210

    In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was found in the function BenchmarkOpenCLDevices in MagickCore/opencl.c because a memory allocation result is not checked.... Read more

    Affected Products : imagemagick
    • EPSS Score: %0.34
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1710

    A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (2076) 8.1 could allow a remote attacker to perform a privilege escalation. IBM X-Force ID: 134531.... Read more

    • EPSS Score: %1.01
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-16634

    In Joomla! before 3.8.2, a bug allowed third parties to bypass a user's 2-factor authentication method.... Read more

    Affected Products : joomla\!
    • EPSS Score: %0.14
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-16613

    An issue was discovered in middleware.py in OpenStack Swauth through 1.2.0 when used with OpenStack Swift through 2.15.1. The Swift object store and proxy server are saving (unhashed) tokens retrieved from the Swauth middleware authentication mechanism to... Read more

    Affected Products : debian_linux swauth swift
    • EPSS Score: %3.15
    • Published: Nov. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-16042

    Growl adds growl notification support to nodejs. Growl before 1.10.2 does not properly sanitize input before passing it to exec, allowing for arbitrary command execution.... Read more

    Affected Products : growl
    • EPSS Score: %0.85
    • Published: Jun. 04, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-15531

    Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 does not restrict excessive authentication attempts for management interface users. A remote attacker can use brute force search to guess a user password and gain access to Reporter.... Read more

    Affected Products : reporter
    • EPSS Score: %6.56
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2024-7521

    Incomplete WebAssembly exception handing could have led to a use-after-free. This vulnerability affects Firefox < 129, Firefox ESR < 115.14, Firefox ESR < 128.1, Thunderbird < 128.1, and Thunderbird < 115.14.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Aug. 06, 2024
    • Modified: Aug. 12, 2024

  • 9.8

    CRITICAL
    CVE-2017-14417

    register_send.php on D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices does not require authentication, which can result in unintended enrollment in mydlink Cloud Services.... Read more

    Affected Products : dir-850l_firmware dir-850l
    • EPSS Score: %0.51
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14377

    EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apache Web Server version 8.0.1 prior to Build 618 have a security vulnerability that could potentially lead to authentication bypass.... Read more

    Affected Products : authentication_agent_for_web
    • EPSS Score: %3.59
    • Published: Nov. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14138

    ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in coders/webp.c because memory is not freed in certain error cases, as demonstrated by VP8 errors.... Read more

    Affected Products : imagemagick
    • EPSS Score: %0.32
    • Published: Sep. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14089

    An Unauthorized Memory Corruption vulnerability in Trend Micro OfficeScan 11.0 and XG may allow remote unauthenticated users who can access the OfficeScan server to target cgiShowClientAdm.exe and cause memory corruption issues.... Read more

    Affected Products : officescan
    • EPSS Score: %31.50
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2024-6602

    A mismatch between allocator and deallocator could have led to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jul. 09, 2024
    • Modified: Apr. 04, 2025

  • 9.8

    CRITICAL
    CVE-2017-12814

    Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.... Read more

    Affected Products : windows perl
    • EPSS Score: %2.61
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12236

    A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endp... Read more

    Affected Products : ios_xe
    • EPSS Score: %3.34
    • Published: Sep. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12170

    Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because... Read more

    Affected Products : fedora pure-ftpd
    • EPSS Score: %0.33
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11357

    Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.... Read more

    Affected Products : esoms ui_for_asp.net_ajax
    • Actively Exploited
    • EPSS Score: %93.41
    • Published: Aug. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11317

    Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.... Read more

    Affected Products : esoms ui_for_asp.net_ajax
    • Actively Exploited
    • EPSS Score: %91.39
    • Published: Aug. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11284

    Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.... Read more

    Affected Products : coldfusion
    • EPSS Score: %23.86
    • Published: Dec. 01, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11283

    Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. This affects Update 4 and earlier versions for ColdFusion 2016, and Update 12 and earlier versions for ColdFusion 11.... Read more

    Affected Products : coldfusion
    • EPSS Score: %23.86
    • Published: Dec. 01, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291908 Results