Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2017-2296

    In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet... Read more

    Affected Products : puppet_enterprise
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-2293

    Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped with an MCollective configuration that allowed the package plugin to install or remove arbitrary packages on all managed agents. This release adds default configuration to not allow these... Read more

    Affected Products : puppet_enterprise
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-2166

    Open redirect vulnerability in GroupSession version 4.7.0 and earlier allows an attacker to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.... Read more

    Affected Products : groupsession
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-2158

    Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to unintended contents to be extracted from a specially crafted ZIP64 archive.... Read more

    Affected Products : lhaplus
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 4.0

    MEDIUM
    CVE-2017-20191

    A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js of the component Form Textbox Field Error Hand... Read more

    Affected Products :
    • Published: Mar. 31, 2024
    • Modified: Nov. 21, 2024

  • 0.0

    NA
    CVE-2017-20190

    Some Microsoft technologies as used in Windows 8 through 11 allow a temporary client-side performance degradation during processing of multiple Unicode combining characters, aka a "Zalgo text" attack. NOTE: third parties dispute whether the computational ... Read more

    Affected Products : windows windows_11_23h2
    • Published: Mar. 27, 2024
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2017-20188

    A vulnerability has been found in Zimbra zm-ajax up to 8.8.1 and classified as problematic. Affected by this vulnerability is the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js. The manipulation of the argument m... Read more

    Affected Products : zm-ajax
    • Published: Jan. 02, 2024
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20187

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/na... Read more

    Affected Products : magnesium-php
    • Published: Nov. 05, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-20186

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in nikooo777 ckSurf up to 1.19.2. It has been declared as problematic. This vulnerability affects the function SpecListMenuDead of the file csgo/addons/sourcemod/scripting/ckSurf/misc.sp of the com... Read more

    Affected Products : cksurf
    • Published: Aug. 28, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-20185

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWMP. It has been rated as problematic. This issue affects some unknown processing of the file swmp.php of the component GET Parameter Handler. The manipulation of the argument theme leads... Read more

    Affected Products : server_web_monitor_page
    • Published: Jun. 06, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-20183

    A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation ... Read more

    Affected Products : external_media_without_import
    • Published: May. 05, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-20182

    A vulnerability was found in Mobile Vikings Django AJAX Utilities up to 1.2.1 and classified as problematic. This issue affects the function Pagination of the file django_ajax/static/ajax-utilities/js/pagination.js of the component Backslash Handler. The ... Read more

    Affected Products : django_ajax_utilities
    • Published: Mar. 10, 2023
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-20181

    A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0 on Android. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attack... Read more

    Affected Products : vocable_trainer
    • Published: Mar. 07, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-20180

    A vulnerability classified as critical has been found in Zerocoin libzerocoin. Affected is the function CoinSpend::CoinSpend of the file CoinSpend.cpp of the component Proof Handler. The manipulation leads to insufficient verification of data authenticity... Read more

    Affected Products : libzerocoin
    • Published: Mar. 06, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20179

    A vulnerability was found in InSTEDD Pollit 2.3.1. It has been rated as critical. This issue affects the function TourController of the file app/controllers/tour_controller.rb. The manipulation leads to an unknown weakness. The attack may be initiated rem... Read more

    Affected Products : pollit
    • Published: Feb. 21, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-20178

    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Codiad 2.8.0. It has been rated as problematic. Affected by this issue is the function saveJSON of the file components/install/process.php. The manipulation of the argument data leads to informa... Read more

    Affected Products : codiad
    • Published: Feb. 21, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-20177

    A vulnerability, which was classified as problematic, has been found in WangGuard Plugin 1.8.0 on WordPress. Affected by this issue is the function wangguard_users_info of the file wangguard-user-info.php of the component WGG User List Handler. The manipu... Read more

    Affected Products : wangguard
    • Published: Feb. 06, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-20176

    A vulnerability classified as problematic was found in ciubotaru share-on-diaspora 0.7.9. This vulnerability affects unknown code of the file new_window.php. The manipulation of the argument title/url leads to cross site scripting. The attack can be initi... Read more

    Affected Products : share_on_diaspora
    • Published: Feb. 06, 2023
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-20175

    A vulnerability classified as problematic has been found in DaSchTour matomo-mediawiki-extension up to 2.4.2 on MediaWiki. This affects an unknown part of the file Piwik.hooks.php of the component Username Handler. The manipulation leads to cross site scr... Read more

    Affected Products : mediawiki matomo
    • Published: Feb. 05, 2023
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-20174

    A vulnerability was found in bastianallgeier Kirby Webmentions Plugin and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to injection. The attack may be launched remotely. The complexity of an attac... Read more

    Affected Products : webmentions
    • Published: Jan. 19, 2023
    • Modified: Nov. 21, 2024
Showing 20 of 293308 Results