Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2017-1000477

    XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result in denial of service attacks.

    Affected Products : xmlbundle
    • EPSS Score: %0.30
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2017-1000476

    ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service.

    Affected Products : ubuntu_linux debian_linux imagemagick
    • EPSS Score: %0.63
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2017-1000475

    FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service allowing local users to launch processes with elevated privileges.

    Affected Products : freesshd
    • EPSS Score: %0.41
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-1000474

    Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's...

    Affected Products : vehicle_sales_management_system
    • EPSS Score: %2.59
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024
  • 7.8

    HIGH
    CVE-2017-1000473

    Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed resulting in code execution on the server, potentially as root.

    Affected Products : linux-dash
    • EPSS Score: %0.32
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2017-1000472

    The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression...

    Affected Products : debian_linux poco
    • EPSS Score: %0.47
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-1000471

    EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.

    Affected Products : goahead
    • EPSS Score: %0.28
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-1000470

    EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service.

    Affected Products : goahead goahead_web_server
    • EPSS Score: %0.33
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-1000469

    Cobbler version up to 2.8.2 is vulnerable to a command injection vulnerability in the "add repo" component resulting in arbitrary code execution as root user.

    Affected Products : cobbler cobbler
    • EPSS Score: %1.44
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-1000467

    LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code.

    Affected Products : lavalite
    • EPSS Score: %0.30
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-1000466

    Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code.

    Affected Products : invoice_ninja
    • EPSS Score: %0.23
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-1000465

    Sulu-standard version 1.6.6 is vulnerable to stored cross-site scripting vulnerability, within the page creation page, which can result in disruption of service and execution of javascript code.

    Affected Products : sulu sulu-standard
    • EPSS Score: %0.32
    • Published: Jan. 09, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-1000463

    Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code.

    Affected Products : leafpub
    • EPSS Score: %0.30
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-1000462

    BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code.

    Affected Products : bookstack
    • EPSS Score: %0.32
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 4.7

    MEDIUM
    CVE-2017-1000461

    Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser fun...

    Affected Products : browser
    • EPSS Score: %0.22
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2017-1000460

    In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), chromium(56 prior Feb 13, 2017), the return value of init_get_bits is ignored and get_ue_golomb(&gb) is called on an uninitialized get_bits context, which causes a NULL deref exception.

    Affected Products : chrome ffmpeg libav
    • EPSS Score: %0.22
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-1000459

    Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes...

    Affected Products : leanote desktop
    • EPSS Score: %0.24
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-1000458

    Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ContentLine analyzer allowing remote attackers to cause a denial of service (crash) and possibly other exploitation.

    Affected Products : bro
    • EPSS Score: %0.57
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024
  • 4.8

    MEDIUM
    CVE-2017-1000457

    Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. Exploitation requires authenticated reflected cross-site scripting for user accou...

    Affected Products : mojoportal
    • EPSS Score: %0.23
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-1000456

    freedesktop.org libpoppler 0.60.1 fails to validate boundaries in TextPool::addWord, leading to overflow in subsequent calculations.

    Affected Products : debian_linux poppler
    • EPSS Score: %0.72
    • Published: Jan. 02, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291589 Results