Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-17750

    Bose SoundTouch devices allow XSS via a crafted public playlist from Spotify.... Read more

    Affected Products : soundtouch
    • Published: Mar. 24, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-17749

    Bose SoundTouch devices allow XSS via crafted song data from a music service, as demonstrated by Pandora.... Read more

    Affected Products : soundtouch
    • Published: Mar. 24, 2018
    • Modified: Nov. 21, 2024

  • 6.7

    MEDIUM
    CVE-2017-17743

    Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges... Read more

    • Published: Mar. 22, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-17742

    Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1 allows an HTTP Response Splitting attack. An attacker can inject a crafted key and value into an HTTP response for the HTTP server of WEBrick.... Read more

    Affected Products : ruby debian_linux
    • Published: Apr. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17736

    Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global Administrator access by visiting CMSInstall/install.aspx and then navigating to the CMS Administration Dashboard.... Read more

    Affected Products : kentico kentico_cms
    • Published: Mar. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-17725

    In Exiv2 0.26, there is an integer overflow leading to a heap-based buffer over-read in the Exiv2::getULong function in types.cpp. Remote attackers can exploit the vulnerability to cause a denial of service via a crafted image file. Note that this vulnera... Read more

    Affected Products : exiv2
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-17724

    In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::IptcData::printStructure function in iptc.cpp, related to the "!= 0x1c" case. Remote attackers can exploit this vulnerability to cause a denial of service via a crafted TIFF file.... Read more

    Affected Products : exiv2
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-17723

    In Exiv2 0.26, there is a heap-based buffer over-read in the Exiv2::Image::byteSwap4 function in image.cpp. Remote attackers can exploit this vulnerability to disclose memory data or cause a denial of service via a crafted TIFF file.... Read more

    Affected Products : exiv2
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-17722

    In Exiv2 0.26, there is a reachable assertion in the readHeader function in bigtiffimage.cpp, which will lead to a remote denial of service attack via a crafted TIFF file.... Read more

    Affected Products : exiv2
    • Published: Feb. 12, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-17708

    Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3.... Read more

    Affected Products : pleasant_password_server
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-17707

    Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding "C... Read more

    Affected Products : pleasant_password_server
    • Published: Jul. 31, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-17703

    Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent XSS.... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Feb. 04, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-17691

    Homeputer CL Studio fur HomeMatic 4.0 Rel 160808 and earlier uses cleartext to exchange the username and password between server and client instances, which allows remote attackers to obtain sensitive information via a man in the middle attack.... Read more

    Affected Products : homeputer_cl_studio_fur_homematic
    • Published: Sep. 07, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-17689

    The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL.... Read more

    • Published: May. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-17688

    The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detec... Read more

    • Published: May. 16, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-17678

    BMC Remedy Mid Tier 9.1SP3 is affected by cross-site scripting (XSS). A DOM-based cross-site scripting vulnerability was discovered in a legacy utility.... Read more

    Affected Products : remedy_mid-tier
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-17677

    BMC Remedy 9.1SP3 is affected by authenticated code execution. Authenticated users that have the right to create reports can use BIRT templates to run code.... Read more

    Affected Products : remedy_mid-tier
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-17675

    BMC Remedy Mid Tier 9.1SP3 is affected by log hijacking. Remote logging can be accessed by unauthenticated users, allowing for an attacker to hijack the system logs. This data can include user names and HTTP data.... Read more

    Affected Products : remedy_mid-tier
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-17674

    BMC Remedy Mid Tier 9.1SP3 is affected by remote and local file inclusion. Due to the lack of restrictions on what can be targeted, the system can be vulnerable to attacks such as system fingerprinting, internal port scanning, Server Side Request Forgery ... Read more

    Affected Products : remedy_mid-tier
    • Published: May. 19, 2021
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-17668

    Memory write mechanism in NCR S1 Dispenser controller before firmware version 0x0156 allows an unauthenticated user to upgrade or downgrade the firmware of the device, including to older versions with known vulnerabilities.... Read more

    • Published: Mar. 20, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292795 Results