Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-1000429

    rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php.... Read more

    Affected Products : finecms
    • EPSS Score: %0.29
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1000428

    flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string.... Read more

    Affected Products : flatcore-cms
    • EPSS Score: %0.29
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1000427

    marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.... Read more

    Affected Products : marked
    • EPSS Score: %0.28
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1000426

    MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure.... Read more

    Affected Products : mapproxy
    • EPSS Score: %0.23
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1000425

    Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.... Read more

    Affected Products : liferay_portal
    • EPSS Score: %0.26
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2017-1000424

    Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium resulting loading arbitrary PDFs that a hacker can control.... Read more

    Affected Products : electron electron
    • EPSS Score: %0.27
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1000423

    b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in unauthenticated attacker gaining PHP code execution on the victim's setup.... Read more

    Affected Products : b2evolution
    • EPSS Score: %1.70
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-1000422

    Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer overflow in the gif_get_lzw function resulting in memory corruption and potential code execution... Read more

    Affected Products : ubuntu_linux debian_linux gdk-pixbuf
    • EPSS Score: %1.26
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1000421

    Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function resulting potential code execution... Read more

    Affected Products : debian_linux gifsicle
    • EPSS Score: %0.50
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-1000420

    Syncthing version 0.14.33 and older is vulnerable to symlink traversal resulting in arbitrary file overwrite... Read more

    Affected Products : syncthing
    • EPSS Score: %0.27
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-1000419

    phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal services via the web application.... Read more

    Affected Products : phpbb
    • EPSS Score: %0.38
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-1000418

    The WildMidi_Open function in WildMIDI since commit d8a466829c67cacbb1700beded25c448d99514e5 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted fi... Read more

    Affected Products : wildmidi
    • EPSS Score: %0.38
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-1000417

    MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic resulting in possible spoofing of OIDs (e.g. in ExtKeyUsage extension) on X.509 certificates.... Read more

    Affected Products : matrixssl
    • EPSS Score: %0.15
    • Published: Jan. 22, 2018
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2017-1000416

    axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050.... Read more

    Affected Products : axtls
    • EPSS Score: %0.29
    • Published: Jan. 22, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-1000415

    MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation in its X.509 certificate validation process resulting in some certificates have their expiration (beginning) year extended (delayed) by 100 years.... Read more

    Affected Products : matrixssl
    • EPSS Score: %0.11
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-1000414

    ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division by zero in the JFIF decode handling resulting denial of service.... Read more

    Affected Products : jpegsnoop
    • EPSS Score: %0.33
    • Published: Jan. 25, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-1000413

    Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable a timing attack in the Montgomery parts of libMPA in OP-TEE resulting in a compromised private RSA key.... Read more

    Affected Products : op-tee
    • EPSS Score: %0.34
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-1000412

    Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and older) is vulnerable to the bellcore attack in the LibTomCrypt code resulting in compromised private RSA key.... Read more

    Affected Products : op-tee
    • EPSS Score: %0.34
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-1000411

    OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, Boron, Robert Varga, Anil Vishnoi contain a flaw when multiple 'expired' flows take up the memory resource of CONFIG DATASTORE which leads to CONTROLLER shutdown. If multiple different... Read more

    Affected Products : openflow opendaylight
    • EPSS Score: %0.93
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.0

    HIGH
    CVE-2017-1000409

    A buffer overflow in glibc 2.5 (released on September 29, 2006) and can be triggered through the LD_LIBRARY_PATH environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366.... Read more

    Affected Products : glibc
    • EPSS Score: %1.77
    • Published: Feb. 01, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291513 Results