Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-0366

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.42
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.7

    MEDIUM
    CVE-2017-0365

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.33
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-0364

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where Special:Search allows redirects to any interwiki link.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.22
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-0363

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where Special:UserLogin?returnto=interwiki:foo will redirect to external sites.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.22
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-0362

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the "Mark all pages visited" on the watchlist does not require a CSRF token.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.18
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-0361

    Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information disclosure flaw, where the api.log might contain passwords in plaintext.... Read more

    Affected Products : debian_linux mediawiki
    • EPSS Score: %0.09
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-0359

    diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.... Read more

    Affected Products : debian_linux diffoscope
    • EPSS Score: %0.54
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2017-0358

    Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalatio... Read more

    Affected Products : debian_linux ntfs-3g
    • EPSS Score: %10.45
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-0357

    A heap-overflow flaw exists in the -tr loader of iucode-tool starting with v1.4 and before v2.1.1, potentially leading to SIGSEGV, or heap corruption.... Read more

    Affected Products : debian_linux iucode-tool
    • EPSS Score: %1.69
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-0356

    A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.... Read more

    Affected Products : debian_linux ikiwiki
    • EPSS Score: %10.04
    • Published: Apr. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9969

    In libwebp 0.5.1, there is a double free bug in libwebpmux.... Read more

    Affected Products : libwebp
    • EPSS Score: %0.33
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9953

    The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have... Read more

    Affected Products : curl windows_embedded_compact
    • EPSS Score: %1.95
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-9952

    The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a se... Read more

    Affected Products : curl windows_embedded_compact
    • EPSS Score: %1.06
    • Published: Mar. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2016-9928

    MCabber before 1.0.4 is vulnerable to roster push attacks, which allows remote attackers to intercept communications, or add themselves as an entity on a 3rd party's roster as another user, which will also garner associated privileges, via crafted XMPP pa... Read more

    Affected Products : ubuntu_linux debian_linux mcabber
    • EPSS Score: %1.90
    • Published: Feb. 06, 2020
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-9905

    A potentially exploitable crash in "EnumerateSubDocuments" while adding or removing sub-documents. This vulnerability affects Firefox ESR < 45.6 and Thunderbird < 45.6.... Read more

    • EPSS Score: %1.24
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9904

    An attacker could use a JavaScript Map/Set timing attack to determine whether an atom is used by another compartment/zone in specific contexts. This could be used to leak information, such as usernames embedded in JavaScript code, across websites. This vu... Read more

    • EPSS Score: %1.26
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-9903

    Mozilla's add-ons SDK had a world-accessible resource with an HTML injection vulnerability. If an additional vulnerability allowed this resource to be loaded as a document it could allow injecting content and script into an add-on's context. This vulnerab... Read more

    Affected Products : firefox
    • EPSS Score: %0.71
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9902

    The Pocket toolbar button, once activated, listens for events fired from it's own pages but does not verify the origin of incoming events. This allows content from other origins to fire events and inject content and commands into the Pocket context. Note:... Read more

    • EPSS Score: %0.41
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-9901

    HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" (unprivileged) page, giving it access to Pocket's messaging API through HTML injection. This vulnerab... Read more

    • EPSS Score: %2.22
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-9900

    External resources that should be blocked when loaded by SVG images can bypass security restrictions through the use of "data:" URLs. This could allow for cross-domain data leakage. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunde... Read more

    • EPSS Score: %1.44
    • Published: Jun. 11, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291526 Results