Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.3

    MEDIUM
    CVE-2017-1613

    IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.

    Affected Products : connections
    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-15959

    Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576.

    Affected Products : adultscriptpro
    • Published: Oct. 29, 2017
    • Modified: Apr. 20, 2025
  • 7.0

    HIGH
    CVE-2017-15884

    In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.

    Affected Products : vagrant_vmware_fusion
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-15813

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs.

    Affected Products : android
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-15812

    The Easy Appointments plugin before 1.12.0 for WordPress has XSS via Settings values in the admin panel.

    Affected Products : easy_appointments easy_appointments
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15802

    XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address con...

    Affected Products : xnview windows
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15801

    XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address con...

    Affected Products : xnview windows
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15786

    XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x00000000001a78db."

    Affected Products : xnview windows
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15778

    XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285de7."

    Affected Products : xnview windows
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15742

    IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADIMAGE+0x00000000003d2328."

    Affected Products : irfanview cadimage
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-15287

    There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.

    Affected Products : bouqueteditor
    • Published: Oct. 12, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-15279

    Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 allows remote attackers to inject arbitrary web script or HTML via the "page name" (aka nodename) parameter during the creation of a new page, related to Umbraco.Web.UI/umbraco/dialogs/P...

    Affected Products : umbraco_cms
    • Published: Oct. 12, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15262

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000...

    Affected Products : irfanview pdf
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15248

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlGetGlobalState+0x0000...

    Affected Products : irfanview pdf
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-15215

    Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated attacker to inject JavaScript via the searchtags parameter to index.php. If the victim is an administrator, an attacker can (for example) take over the admin session or change global ...

    Affected Products : shaarli
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-15048

    Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.

    Affected Products : zoom
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-14968

    In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x830000c4, a related issue to CVE-2017-17113.

    Affected Products : ikarus_antivirus anti.virus
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-14961

    In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x8300000c.

    Affected Products : anti.virus
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-3794

    A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Re...

    Affected Products : webex_meetings_server
    • Published: Jan. 26, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-14908

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test application does not properly validate the number of blocks to verify.

    Affected Products : android
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025