Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.5

    MEDIUM
    CVE-2017-16711

    The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefini...

    Affected Products : swftools
    • EPSS Score: %0.44
    • Published: Nov. 09, 2017
    • Modified: Apr. 20, 2025
  • 8.1

    HIGH
    CVE-2017-5480

    Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter....

    Affected Products : b2evolution
    • EPSS Score: %0.32
    • Published: Jan. 15, 2017
    • Modified: Apr. 20, 2025
  • 7.1

    HIGH
    CVE-2017-5228

    All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary ...

    Affected Products : metasploit
    • EPSS Score: %0.30
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025
  • 7.3

    HIGH
    CVE-2017-4987

    In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on th...

    Affected Products : vnx2_firmware vnx1_firmware vnx2 vnx1
    • EPSS Score: %0.07
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2017-1613

    IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954....

    Affected Products : connections
    • EPSS Score: %0.32
    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-15959

    Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a /download URI, a different vulnerability than CVE-2007-6576....

    Affected Products : adultscriptpro
    • EPSS Score: %2.34
    • Published: Oct. 29, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-15937

    Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX)....

    Affected Products : pandora_fms
    • EPSS Score: %0.31
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025
  • 7.0

    HIGH
    CVE-2017-15884

    In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges....

    Affected Products : vagrant_vmware_fusion
    • EPSS Score: %0.08
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-15885

    Reflected XSS in the web administration portal on the Axis 2100 Network Camera 2.03 allows an attacker to execute arbitrary JavaScript via the conf_Layout_OwnTitle parameter to view/view.shtml. NOTE: this might overlap CVE-2007-5214....

    • EPSS Score: %0.22
    • Published: Oct. 25, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-15813

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur while reading firmware logs....

    Affected Products : android
    • EPSS Score: %0.18
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-15812

    The Easy Appointments plugin before 1.12.0 for WordPress has XSS via Settings values in the admin panel....

    Affected Products : easy_appointments easy_appointments
    • EPSS Score: %0.20
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-15811

    The Pootle Button plugin before 1.2.0 for WordPress has XSS via the assets_url parameter in assets/dialog.php, exploitable via wp-admin/admin-ajax.php....

    Affected Products : pootle_button
    • EPSS Score: %0.20
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15779

    XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at CADImage+0x00000000000034b0."...

    Affected Products : xnview windows
    • EPSS Score: %0.36
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15802

    XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address con...

    Affected Products : xnview windows
    • EPSS Score: %0.19
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15801

    XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dll file that is mishandled during an attempt to render the DLL icon, related to "Data from Faulting Address con...

    Affected Products : xnview windows
    • EPSS Score: %0.19
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15786

    XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x00000000001a78db."...

    Affected Products : xnview windows
    • EPSS Score: %0.19
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15784

    XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to an "Illegal Instruction Violation starting at xnview+0x0000000000370074."...

    Affected Products : xnview windows
    • EPSS Score: %0.36
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15778

    XnView Classic for Windows Version 2.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADImage+0x0000000000285de7."...

    Affected Products : xnview windows
    • EPSS Score: %0.19
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15749

    IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADI...

    Affected Products : irfanview cadimage
    • EPSS Score: %0.10
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-15742

    IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to a "Read Access Violation starting at CADIMAGE+0x00000000003d2328."...

    Affected Products : irfanview cadimage
    • EPSS Score: %0.10
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291526 Results