Latest CVE Feed
- CVE-2017-18369 (score 10.0, HIGH)
  The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and ...
  - Published: May. 02, 2019
  - Modified: Nov. 21, 2024
- CVE-2017-18367 (score 7.5, HIGH)
  libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by ...
  - Affected Products: libseccomp-golang
  - Published: Apr. 24, 2019
  - Modified: Nov. 21, 2024
- [CVE identifier and description not present on the page] (score 8.8, HIGH)
  - Published: Apr. 15, 2019
  - Modified: Nov. 21, 2024
- CVE-2017-18365 (score 9.8, CRITICAL)
  The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in th...
  - Affected Products: github
  - Published: Mar. 28, 2019
  - Modified: Nov. 21, 2024
- CVE-2017-18364 (score 7.4, HIGH)
  phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter.
  - Affected Products: phpfk
  - Published: Mar. 27, 2019
  - Modified: Nov. 21, 2024
- CVE-2017-18361 (score 7.5, HIGH)
  In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.
  - Affected Products: colander
  - Published: Feb. 01, 2019
  - Modified: Nov. 21, 2024
- CVE-2017-18360 (score 5.5, MEDIUM)
  In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
  - Published: Jan. 31, 2019
  - Modified: Nov. 21, 2024
- CVE-2017-18359 (score 7.5, HIGH)
  PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometr...
  - Published: Jan. 25, 2019
  - Modified: Nov. 21, 2024
- CVE-2017-18358 (score 6.1, MEDIUM)
  LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel.
  - Affected Products: limesurvey
  - Published: Jan. 15, 2019
  - Modified: Nov. 21, 2024
- CVE-2017-18357 (score 6.5, MEDIUM)
  Shopware before 5.3.4 has a PHP Object Instantiation issue via the sort parameter to the loadPreviewAction() method of the Shopware_Controllers_Backend_ProductStream controller, with resultant XXE via instantiation of a SimpleXMLElement object.
  - Affected Products: shopware
  - Published: Jan. 15, 2019
  - Modified: Nov. 21, 2024
- CVE-2017-18356 (score 8.8, HIGH)
  In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that w...
  - Published: Jan. 15, 2019
  - Modified: Nov. 21, 2024
- CVE-2017-18355 (score 7.5, HIGH)
  Installed packages are exposed by node_modules in Rendertron 1.0.0, allowing remote attackers to read absolute paths on the server by examining the "_where" attribute of package.json files.
  - Affected Products: rendertron
  - Published: Dec. 17, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-18354 (score 7.5, HIGH)
  Rendertron 1.0.0 allows for alternative protocols such as 'file://' introducing a Local File Inclusion (LFI) bug where arbitrary files can be read by a remote attacker.
  - Affected Products: rendertron
  - Published: Dec. 17, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-18353 (score 7.5, HIGH)
  Rendertron 1.0.0 includes an _ah/stop route to shutdown the Chrome instance responsible for serving render requests to all users. Visiting this route with a GET request allows any unauthorized remote attacker to disable the core service of the application...
  - Affected Products: rendertron
  - Published: Dec. 17, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-18352 (score 6.1, MEDIUM)
  Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs.
  - Affected Products: rendertron
  - Published: Dec. 17, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-18350 (score 5.9, MEDIUM)
  bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target d...
  - Affected Products: bitcoin_core
  - Published: Mar. 12, 2020
  - Modified: Nov. 21, 2024
- CVE-2017-18349 (score 10.0, HIGH)
  parseObject in Fastjson before 1.2.25, as used in FastjsonEngine in Pippo 1.11.0 and other products, allows remote attackers to execute arbitrary code via a crafted JSON request, as demonstrated by a crafted rmi:// URI in the dataSourceName field of HTTP ...
  - Published: Oct. 23, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-18348 (score 7.0, HIGH)
  Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan...
  - Affected Products: splunk
  - Published: Oct. 19, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-18347 (score 4.9, MEDIUM)
  Incorrect access control in RDP Level 1 on STMicroelectronics STM32F0 series devices allows physically present attackers to extract the device's protected firmware via a special sequence of Serial Wire Debug (SWD) commands because there is a race conditio...
  - Published: Sep. 12, 2018
  - Modified: Nov. 21, 2024
- CVE-2017-18346 (score 9.8, CRITICAL)
  SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.
  - Affected Products: cms_web-gooroo
  - Published: Jul. 03, 2019
  - Modified: Nov. 21, 2024