Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-0431

    An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32573899.... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Apr. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-0372

    Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %58.96
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-0371

    MediaWiki before 1.23.16, 1.24.x through 1.27.x before 1.27.2, and 1.28.x before 1.28.1 allows remote attackers to discover the IP addresses of Wiki visitors via a style="background-image: attr(title url);" attack within a DIV element that has an attacker... Read more

    Affected Products : mediawiki
    • EPSS Score: %0.27
    • Published: Feb. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-0370

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.26
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-0369

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.15
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-0368

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.26
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-0367

    Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.62
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-0366

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.42
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2017-0365

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.33
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-0364

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.22
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-0363

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.22
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-0362

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.18
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-0361

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.09
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-0359

    diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.... Read more

    Affected Products : debian_linux diffoscope
    • EPSS Score: %0.54
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-0358

    Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalatio... Read more

    Affected Products : debian_linux ntfs-3g
    • EPSS Score: %10.45
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-0357

    A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption.... Read more

    Affected Products : debian_linux iucode-tool
    • EPSS Score: %1.69
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-0356

    A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.... Read more

    Affected Products : debian_linux ikiwiki
    • EPSS Score: %10.04
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9969

    In libwebp 0.5.1, there is a double free bug in libwebpmux.... Read more

    Affected Products : libwebp
    • EPSS Score: %0.33
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9953

    The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have... Read more

    Affected Products : curl windows_embedded_compact
    • EPSS Score: %1.95
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-9952

    The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a se... Read more

    Affected Products : curl windows_embedded_compact
    • EPSS Score: %1.06
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291395 Results