Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-1000467

    LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code.... Read more

    Affected Products : lavalite
    • EPSS Score: %0.30
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1000466

    Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code.... Read more

    Affected Products : invoice_ninja
    • EPSS Score: %0.23
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1000465

    Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the page creation page, which can result in disruption of service and execution of javascript code.... Read more

    Affected Products : sulu sulu-standard
    • EPSS Score: %0.32
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1000463

    Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code.... Read more

    Affected Products : leafpub
    • EPSS Score: %0.30
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1000462

    BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code.... Read more

    Affected Products : bookstack
    • EPSS Score: %0.32
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2017-1000461

    Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser fun... Read more

    Affected Products : browser
    • EPSS Score: %0.22
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-1000460

    In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.... Read more

    Affected Products : chrome ffmpeg libav
    • EPSS Score: %0.22
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1000459

    Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes... Read more

    Affected Products : leanote desktop
    • EPSS Score: %0.24
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1000458

    Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.... Read more

    Affected Products : bro
    • EPSS Score: %0.57
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2017-1000457

    Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accou... Read more

    Affected Products : mojoportal
    • EPSS Score: %0.23
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-1000456

    freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.... Read more

    Affected Products : debian_linux poppler
    • EPSS Score: %0.72
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-1000455

    GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d used POSIX hard links incorrectly, leading the creation of setuid executables in "the store", violating a fundamental security assumption of GNU Guix.... Read more

    Affected Products : guixsd
    • EPSS Score: %0.02
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-1000454

    CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template Injection in some core components, resulting in local file read before 2.2, and local file inclusion since 2.2.1... Read more

    Affected Products : cms_made_simple
    • EPSS Score: %0.18
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1000453

    CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty templating injection in some core modules, resulting in unauthenticated PHP code execution.... Read more

    Affected Products : cms_made_simple
    • EPSS Score: %0.98
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-1000452

    An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.... Read more

    Affected Products : samlify
    • EPSS Score: %0.14
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-1000451

    fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection acros... Read more

    Affected Products : fs-git
    • EPSS Score: %0.42
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-1000450

    In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3... Read more

    Affected Products : debian_linux opencv
    • EPSS Score: %2.62
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-1000448

    Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host.... Read more

    Affected Products : structured_data_linter
    • EPSS Score: %0.62
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-1000445

    ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service... Read more

    Affected Products : ubuntu_linux debian_linux imagemagick
    • EPSS Score: %1.76
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1000444

    Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution... Read more

    Affected Products : openhacker
    • EPSS Score: %1.32
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291520 Results