Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-15801

    XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address con... Read more

    Affected Products : xnview windows
    • EPSS Score: %0.19
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15786

    XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x00000000001a78db."... Read more

    Affected Products : xnview windows
    • EPSS Score: %0.19
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15778

    XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285de7."... Read more

    Affected Products : xnview windows
    • EPSS Score: %0.19
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15742

    IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADIMAGE+0x00000000003d2328."... Read more

    Affected Products : irfanview cadimage
    • EPSS Score: %0.10
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-15287

    There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.... Read more

    Affected Products : bouqueteditor
    • EPSS Score: %1.90
    • Published: Oct. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-15279

    Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/P... Read more

    Affected Products : umbraco_cms
    • EPSS Score: %0.20
    • Published: Oct. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15262

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000... Read more

    Affected Products : irfanview pdf
    • EPSS Score: %0.36
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15248

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000... Read more

    Affected Products : irfanview pdf
    • EPSS Score: %0.19
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-15215

    Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global ... Read more

    Affected Products : shaarli
    • EPSS Score: %1.04
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15048

    Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.... Read more

    Affected Products : zoom
    • EPSS Score: %21.43
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14968

    In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113.... Read more

    Affected Products : ikarus_antivirus anti.virus
    • EPSS Score: %0.05
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14961

    In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.... Read more

    Affected Products : anti.virus
    • EPSS Score: %0.51
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-3794

    A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Re... Read more

    Affected Products : webex_meetings_server
    • EPSS Score: %0.22
    • Published: Jan. 26, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-14908

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify.... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-3751

    An unquoted service path vulnerability was identified in the driver for the ThinkPad Compact USB Keyboard with TrackPoint versions earlier than 1.5.5.0. This could allow an attacker with local privileges to execute code with administrative privileges.... Read more

    • EPSS Score: %0.04
    • Published: Aug. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14524

    Multiple open redirect vulnerabilities in OpenText Documentum Administrator 7.2.0180.0055 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2)... Read more

    • EPSS Score: %5.99
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14834

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... Read more

    Affected Products : foxit_reader pdf_reader
    • EPSS Score: %0.37
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14757

    OpenText Document Sciences xPression (formerly EMC Document Sciences xPression) v4.5SP1 Patch 13 (older versions might be affected as well) is prone to SQL Injection: /xDashboard/html/jobhistory/downloadSupportFile.action, parameter: jobRunId. In order fo... Read more

    Affected Products : document_sciences_xpression
    • EPSS Score: %0.33
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2017-3477

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 12.0.0 and 12.1.0. Difficult to exploit vulnerability allows low privileged at... Read more

    Affected Products : flexcube_private_banking
    • EPSS Score: %0.22
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-14681

    The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for p3scan.pid modification before ... Read more

    Affected Products : p3scan
    • EPSS Score: %0.05
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292386 Results