Latest CVE Feed

The following is a list of the most recently published vulnerabilities. The list can be filtered by severity, by whether the vulnerability is actively exploited (i.e. listed in the CISA Known Exploited Vulnerabilities (KEV) catalog), and by whether it is remotely exploitable. It can be sorted by published date, last-updated date, or CVSS score.
  • CVE-2017-1002201 (CVSS 6.1, MEDIUM)

    In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. In this case, the ' character was missed. An attacker can manipulate the input to introduce additional ...

    Affected Products: debian_linux, haml
    • EPSS Score: 0.82%
    • Published: Oct. 15, 2019
    • Modified: Nov. 21, 2024
  • CVE-2017-1002157 (CVSS 9.8, CRITICAL)

    modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution. ...

    Affected Products: modulemd
    • EPSS Score: 0.72%
    • Published: Jan. 10, 2019
    • Modified: Nov. 21, 2024
  • CVE-2017-1002152 (CVSS 6.1, MEDIUM)

    Bodhi 2.9.0 and lower is vulnerable to cross-site scripting resulting in code injection caused by incorrect validation of bug titles. ...

    Affected Products: bodhi
    • EPSS Score: 0.30%
    • Published: Jan. 10, 2019
    • Modified: Nov. 21, 2024
  • CVE-2017-1002102 (CVSS 7.1, HIGH)

    In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running ...

    Affected Products: kubernetes
    • EPSS Score: 0.36%
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1002101 (CVSS 9.6, CRITICAL)

    In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using subpath volume mounts with any volume type (including non-privileged pods, subject to file permissions) can access files/directories outside o ...

    Affected Products: kubernetes
    • EPSS Score: 33.57%
    • Published: Mar. 13, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000600 (CVSS 8.8, HIGH)

    WordPress version <4.9 contains a CWE-20 Input Validation vulnerability in thumbnail processing that can result in remote code execution. This attack appears to be exploitable via thumbnail upload by an authenticated user and may require additional plugin ...

    Affected Products: wordpress
    • EPSS Score: 18.20%
    • Published: Sep. 06, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000510 (CVSS 5.4, MEDIUM)

    Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) vulnerability in Page name that can result in execution of JavaScript code. ...

    Affected Products: croogo
    • EPSS Score: 0.32%
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000509 (CVSS 5.4, MEDIUM)

    Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of JavaScript code. ...

    Affected Products: dolibarr_erp/crm
    • EPSS Score: 0.18%
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000508 (CVSS 6.1, MEDIUM)

    Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of JavaScript code. This vulnerability appears to have been fixed in 1.5.5 and later. ...

    Affected Products: invoiceplane
    • EPSS Score: 0.37%
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000507 (CVSS 5.4, MEDIUM)

    Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of JavaScript code. ...

    Affected Products: canvas
    • EPSS Score: 0.32%
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000506 (CVSS 6.1, MEDIUM)

    Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of JavaScript code. ...

    Affected Products: mautic
    • EPSS Score: 0.40%
    • Published: Feb. 09, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000505 (CVSS 6.5, MEDIUM)

    In Jenkins Script Security Plugin version 1.36 and earlier, users with the ability to configure sandboxed Groovy scripts are able to use a type coercion feature in Groovy to create new `File` objects from strings. This allowed reading arbitrary files on t ...

    Affected Products: script_security
    • EPSS Score: 0.32%
    • Published: Jan. 25, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000504 (CVSS 8.1, HIGH)

    A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier startup could result in the wrong order of execution of commands during initialization. There is a very short window of time after startup during which Jenkins may no longer show the 'Pl ...

    Affected Products: jenkins
    • EPSS Score: 1.40%
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000503 (CVSS 8.1, HIGH)

    A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 startup could result in the wrong order of execution of commands during initialization. This could in rare cases result in failure to initialize the setup wizard on the first startup. T ...

    Affected Products: jenkins
    • EPSS Score: 2.30%
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000502 (CVSS 9.0, HIGH)

    Users with permission to create or configure agents in Jenkins 1.37 and earlier could configure an EC2 agent to run arbitrary shell commands on the master node whenever the agent was supposed to be launched. Configuration of these agents now requires the ...

    Affected Products: ec2
    • EPSS Score: 0.67%
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000501 (CVSS 9.8, CRITICAL)

    Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. ...

    Affected Products: debian_linux, awstats
    • EPSS Score: 5.92%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
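Two entries in this list are path-containment failures of different shapes: the Awstats entry above (CVE-2017-1000501), where user-supplied parameter values are used to build a filesystem path, and the Kubernetes subpath entry (CVE-2017-1002101), where a path that looks contained lexically escapes through a symlink. The following is an added example, not code from Awstats or Kubernetes: a hypothetical lexical-only check beside a check that resolves the path before comparing, run against a constructed directory layout that includes a planted symlink. The fixture, the case list and both function names are assumptions made for the demonstration.

```python
import os
import tempfile
from typing import Optional


def naive_inside(base: str, user_path: str) -> bool:
    """Lexical check only: normalises '..' but never follows symlinks, so a
    symlink placed inside base that points outside it is accepted."""
    base_abs = os.path.abspath(base)
    candidate = os.path.normpath(os.path.join(base_abs, user_path))
    return candidate.startswith(base_abs + os.sep)


def resolve_inside(base: str, user_path: str) -> Optional[str]:
    """Resolve base/user_path fully ('..', absolute paths, symlinks) and return
    the real path only if it is still under base; otherwise None."""
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    if candidate == base_real or candidate.startswith(base_real + os.sep):
        return candidate
    return None


def build_fixture() -> str:
    """Constructed layout: base/conf/site.conf is legitimate; outside/secret is
    not; base/link is a symlink an attacker managed to plant, pointing at outside/."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "base")
    outside = os.path.join(root, "outside")
    os.makedirs(os.path.join(base, "conf"))
    os.makedirs(outside)
    with open(os.path.join(base, "conf", "site.conf"), "w") as f:
        f.write("constructed config\n")
    with open(os.path.join(outside, "secret"), "w") as f:
        f.write("constructed secret\n")
    os.symlink(outside, os.path.join(base, "link"))
    return base


CASES = [
    "conf/site.conf",          # legitimate
    "conf/../conf/site.conf",  # harmless '..' that stays inside
    "../outside/secret",       # classic traversal
    "/etc/passwd",             # absolute path: os.path.join silently drops base
    "link/secret",             # symlink escape: lexically inside, physically outside
]


def compare(base: str) -> dict:
    """For each case: (naive verdict, resolving verdict), True meaning 'allowed'."""
    return {c: (naive_inside(base, c), resolve_inside(base, c) is not None) for c in CASES}


if __name__ == "__main__":
    for case, verdicts in compare(build_fixture()).items():
        print("%-24s naive=%-5s resolved=%s" % (case, verdicts[0], verdicts[1]))
```

Note the residual window even in the resolving version: the symlink could be created between the check and the later open (a time-of-check/time-of-use race), which is why kernel-side or descriptor-based containment (for example opening relative to a directory descriptor) is preferable where the platform offers it.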
  • CVE-2017-1000499 (CVSS 8.8, HIGH)

    phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc. ...

    Affected Products: phpmyadmin
    • EPSS Score: 10.45%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
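The phpMyAdmin entry above describes the classic CSRF shape: a state-changing operation reachable through a URL the victim can be tricked into clicking, which a browser sends as a GET with the victim's cookies attached. The following is an added example, not phpMyAdmin's code, of the gate a practitioner would expect in front of such an operation: refuse to act on safe methods at all, and on POST require a per-session token compared in constant time. The token construction (HMAC of the session id under a server-side key) and all names are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_token(session_id: str, server_key: bytes) -> str:
    """Per-session anti-CSRF token: HMAC of the session id under a server-side key.
    It can be recomputed for checking without storing it, and a token issued for
    one session does not verify for another."""
    return hmac.new(server_key, session_id.encode(), hashlib.sha256).hexdigest()


def allow_action(method: str, session_id: str, submitted_token: Optional[str],
                 server_key: bytes) -> bool:
    """Gate for any request that changes state (delete rows, drop a table, ...).
    Rule 1: never act on a safe method; a crafted link the victim clicks is a GET,
    and it carries the victim's cookies regardless of who wrote the link.
    Rule 2: on POST, require a token matching the session's, compared in constant time."""
    if method in SAFE_METHODS:
        return False
    if submitted_token is None:
        return False
    expected = issue_token(session_id, server_key)
    return hmac.compare_digest(expected, submitted_token)


def demo() -> dict:
    """Constructed requests against one server key and one victim session."""
    key = secrets.token_bytes(32)
    victim = "sess-victim"
    good = issue_token(victim, key)
    other = issue_token("sess-attacker", key)  # a token the attacker can obtain for their own session
    return {
        "crafted_link_get": allow_action("GET", victim, None, key),
        "crafted_link_get_with_token": allow_action("GET", victim, good, key),
        "post_without_token": allow_action("POST", victim, None, key),
        "post_attacker_token": allow_action("POST", victim, other, key),
        "post_with_session_token": allow_action("POST", victim, good, key),
    }


if __name__ == "__main__":
    for name, allowed in demo().items():
        print("%-28s %s" % (name, "allowed" if allowed else "denied"))
```

The first rule is the one a CSRF fix most often misses: a token check on POST does nothing for an operation that is also wired to GET.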
  • CVE-2017-1000498 (CVSS 7.8, HIGH)

    AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution ...

    Affected Products: androidsvg
    • EPSS Score: 1.19%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000497 (CVSS 9.8, CRITICAL)

    Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution ...

    Affected Products: pepperminty-wiki
    • EPSS Score: 1.55%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000496 (CVSS 8.8, HIGH)

    Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration import functionality resulting in denial of service and possibly remote execution of code. ...

    Affected Products: commsy
    • EPSS Score: 0.83%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
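The last three entries (CVE-2017-1000498, CVE-2017-1000497 and CVE-2017-1000496) are all XML External Entity (XXE) issues, two of them in SVG handling. The mechanism is the same in each: the parser honours a DTD-declared entity whose value is fetched from a local file or URL. The following is an added example, not code from AndroidSVG, Pepperminty-Wiki or Commsy: the same constructed SVG-shaped document parsed with Python's standard-library xml.sax parser once with external general entities enabled and once with them disabled, plus a crude DOCTYPE pre-check, since the standard library offers no feature that forbids DTDs outright. The secret file is one the example creates itself; the document, the file and all function names are assumptions made for the demonstration.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax import handler
from xml.sax.handler import ContentHandler


def make_fixture() -> str:
    """Create a local file standing in for something an attacker wants to read."""
    root = tempfile.mkdtemp()
    secret = os.path.join(root, "secret.txt")
    with open(secret, "w") as f:
        f.write("constructed secret")
    return secret


def make_doc(secret_path: str) -> bytes:
    """Constructed SVG-like document: the DTD declares an external entity whose
    system identifier is a local file, and the body references it inside <desc>."""
    doc = ('<?xml version="1.0"?>\n'
           '<!DOCTYPE svg [<!ENTITY xxe SYSTEM "%s">]>\n'
           '<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
           '<desc>&xxe;</desc></svg>' % secret_path)
    return doc.encode()


class TextCollector(ContentHandler):
    """Collect all character data the parser reports."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def parse_text(doc: bytes, resolve_external_entities: bool) -> str:
    """Parse with xml.sax. resolve_external_entities=True turns on external
    general entities (the unsafe configuration); False leaves them unexpanded.
    External parameter entities are kept off in both cases."""
    parser = xml.sax.make_parser()
    parser.setFeature(handler.feature_external_ges, resolve_external_entities)
    parser.setFeature(handler.feature_external_pes, False)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(doc))
    return "".join(collector.parts)


def has_doctype(doc: bytes) -> bool:
    """Crude pre-check: an SVG or config import has no business carrying a DTD,
    so reject the document before it reaches a parser at all."""
    return b"<!DOCTYPE" in doc


if __name__ == "__main__":
    d = make_doc(make_fixture())
    print("doctype present:", has_doctype(d))
    print("unsafe parser  :", repr(parse_text(d, True)))   # 'constructed secret'
    print("safe parser    :", repr(parse_text(d, False)))  # ''
```

For production code the usual advice stands: use a hardened wrapper such as defusedxml, or the equivalent secure-processing features of the platform parser, rather than remembering to flip each feature by hand.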
Showing 20 of 291526 Results