Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2017-12954

    The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.

    Affected Products : libgig
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-12924

    CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (divide-by-zero error) via a crafted fpx image.

    Affected Products : libfpx
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-12923

    OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

    Affected Products : libfpx
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-12920

    CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted fpx image.

    Affected Products : libfpx
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-12840

    A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client application 4.8.16 and earlier contains a locally exploitable heap based buffer overflow in the handling of an IOCTL message of type 0x0FA4204. The vulnerability is present due to the k...

    Affected Products : deslock+
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2015-0928

    libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).

    Affected Products : libhtp
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2015-0101

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Pro...

    Affected Products : business_process_manager
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2014-9514

    Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.

    Affected Products : footprints_service_core
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2014-8900

    Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier.

    Affected Products : urbancode_deploy
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2014-8871

    Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier.

    Affected Products : hybris
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2014-4925

    Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40.

    Affected Products : android good_for_enterprise
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-12857

    Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote ...

    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-12707

    A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow.

    Affected Products : scada_microbrowser
    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2014-7858

    The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.

    Affected Products : dnr-326_firmware dnr-326
    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-13686

    net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact...

    Affected Products : linux_kernel
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2015-8308

    LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.

    Affected Products : lxdm
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-9511

    The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.

    Affected Products : crucible fisheye windows
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-13671

    app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.

    Affected Products : misp
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-13649

    UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script execut...

    Affected Products : unrealircd
    • Published: Aug. 23, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-13137

    The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.

    Affected Products : formcraft formcraft
    • Published: Aug. 23, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292797 Results