Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-18026

    Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does not block the --config and --debugger flags to the Mercurial hg program, which allows remote attackers to execute arbitrary commands (through the Mercurial adapter) via vectors involvin... Read more

    Affected Products : debian_linux redmine
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-18025

    cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the username field, as demonstrated by a username beginning with "admin|" to use the '|' metacharacter.... Read more

    Affected Products : itguard_manager
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18024

    AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1.... Read more

    Affected Products : avantfax
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18023

    Office Tracker 11.2.5 has XSS via the logincount parameter to the /otweb/OTPClientLogin URI.... Read more

    Affected Products : officetracker
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18022

    In ImageMagick 7.0.7-12 Q16, there are memory leaks in MontageImageCommand in MagickWand/montage.c.... Read more

    Affected Products : ubuntu_linux imagemagick
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18021

    It was discovered that QtPass before 1.2.1, when using the built-in password generator, generates possibly predictable and enumerable passwords. This only applies to the QtPass GUI.... Read more

    Affected Products : qtpass
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024

  • 8.4

    HIGH
    CVE-2017-18020

    On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.... Read more

    Affected Products : samsung_mobile
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2017-18019

    In K7 Total Security before 15.1.0.305, user-controlled input to the K7Sentry device is not sufficiently sanitized: the user-controlled input can be used to compare an arbitrary memory address with a fixed value, which in turn can be used to read the cont... Read more

    Affected Products : total_security
    • Published: Jan. 04, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-18016

    Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin)... Read more

    Affected Products : browser
    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18015

    The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter.... Read more

    Affected Products : share_this_image share_this_image
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18014

    An NC-25986 issue was discovered in the Logging subsystem of Sophos XG Firewall with SFOS before 17.0.3 MR3. An unauthenticated user can trigger a persistent XSS vulnerability found in the WAF log page (Control Center -> Log Viewer -> in the filter option... Read more

    Affected Products : sfos xg_firewall
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18013

    In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the tif_print.c TIFFPrintDirectory function, as demonstrated by a tiffinfo crash.... Read more

    Affected Products : libtiff
    • Published: Jan. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18012

    The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.... Read more

    Affected Products : z-url_preview
    • Published: Jan. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18011

    The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter.... Read more

    • Published: Jan. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18010

    The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter.... Read more

    • Published: Jan. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18009

    In OpenCV 3.3.1, a heap-based buffer over-read exists in the function cv::HdrDecoder::checkSignature in modules/imgcodecs/src/grfmt_hdr.cpp.... Read more

    Affected Products : opencv
    • Published: Jan. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18008

    In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in coders/pwp.c.... Read more

    Affected Products : ubuntu_linux imagemagick
    • Published: Jan. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17999

    SQL injection vulnerability in RISE Ultimate Project Manager 1.9 allows remote attackers to execute arbitrary SQL commands via the search parameter to index.php/knowledge_base/get_article_suggestion/.... Read more

    Affected Products : rise_ultimate_project_manager
    • Published: Jan. 23, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-17996

    A buffer overflow vulnerability in "Add command" functionality exists in Flexense SyncBreeze Enterprise <= 10.3.14. The vulnerability can be triggered by an authenticated attacker who submits more than 5000 characters as the command name. It will cause te... Read more

    Affected Products : syncbreeze
    • Published: Feb. 06, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17976

    In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can lead to remote code execution.... Read more

    Affected Products : perfex_crm
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292801 Results