Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-1000452

    An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and earlier, and in predecessor Express-saml2 which could allow attackers to impersonate arbitrary users.... Read more

    Affected Products : samlify
    • EPSS Score: %0.14
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-1000451

    fs-git is a file system like api for git repository. The fs-git version 1.0.1 module relies on child_process.exec, however, the buildCommand method used to construct exec strings does not properly sanitize data and is vulnerable to command injection acros... Read more

    Affected Products : fs-git
    • EPSS Score: %0.42
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-1000450

    In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and FillUniGray do not check the input length, which can lead to integer overflow. If the image is from remote, may lead to remote code execution or denial of service. This affects Opencv 3... Read more

    Affected Products : debian_linux opencv
    • EPSS Score: %2.62
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-1000448

    Structured Data Linter versions 2.4.1 and older are vulnerable to a directory traversal attack in the URL input field resulting in the possibility of disclosing information about the remote host.... Read more

    Affected Products : structured_data_linter
    • EPSS Score: %0.62
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-1000445

    ImageMagick 7.0.7-1 and older version are vulnerable to null pointer dereference in the MagickCore component and might lead to denial of service... Read more

    Affected Products : ubuntu_linux debian_linux imagemagick
    • EPSS Score: %1.76
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1000444

    Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution... Read more

    Affected Products : openhacker
    • EPSS Score: %1.32
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1000443

    Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser.... Read more

    Affected Products : openhacker
    • EPSS Score: %0.30
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-1000442

    Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace... Read more

    Affected Products : passbolt_api
    • EPSS Score: %0.25
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.3

    HIGH
    CVE-2017-1000438

    In OMERO 5.3.3 or earlier a user could create an OriginalFile and adjust its path such that it now points to another user's file on the underlying filesystem, then manipulate the user's data.... Read more

    Affected Products : omero
    • EPSS Score: %0.46
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1000437

    Creolabs Gravity 1.0 contains a stack based buffer overflow in the operator_string_add function, resulting in remote code execution.... Read more

    Affected Products : gravity
    • EPSS Score: %3.32
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1000434

    Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open Redirect The furikake-redirect parameter on a page allows for a redirect to an attacker controlled page classes/Furigana.php: header('location:'.urldecode($_GET['furikake-redirect']));... Read more

    Affected Products : furikake
    • EPSS Score: %0.24
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2017-1000433

    pysaml2 version 4.4.0 and older accept any password when run with python optimizations enabled. This allows attackers to log in as any user without knowing their password.... Read more

    Affected Products : debian_linux pysaml2
    • EPSS Score: %2.08
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 8.0

    HIGH
    CVE-2017-1000432

    Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting topics and comments from forums Admin access... Read more

    Affected Products : vanilla_forums
    • EPSS Score: %0.24
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1000431

    eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.... Read more

    Affected Products : ez_publish
    • EPSS Score: %0.29
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-1000430

    rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions... Read more

    Affected Products : rust-base64
    • EPSS Score: %0.48
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1000429

    rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file Weixin.php.... Read more

    Affected Products : finecms
    • EPSS Score: %0.29
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1000428

    flatCore-CMS 1.4.6 is vulnerable to reflected XSS in user_management.php due to the use of $_SERVER['PHP_SELF'] to build links and a stored XSS in the admin log panel by specifying a malformed User-Agent string.... Read more

    Affected Products : flatcore-cms
    • EPSS Score: %0.29
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1000427

    marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser.... Read more

    Affected Products : marked
    • EPSS Score: %0.28
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1000426

    MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure.... Read more

    Affected Products : mapproxy
    • EPSS Score: %0.23
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-1000425

    Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter.... Read more

    Affected Products : liferay_portal
    • EPSS Score: %0.26
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291526 Results