Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2017-8210

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user ... Read more

    • EPSS Score: %0.18
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-8188

    FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution.... Read more

    Affected Products : fusionsphere_openstack
    • EPSS Score: %0.54
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8181

    The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a arbitrary memory write vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious a... Read more

    • EPSS Score: %0.10
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8170

    Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a... Read more

    Affected Products : vie-l09_firmware vie-l09
    • EPSS Score: %0.18
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-8157

    OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vulnerabilities to decrypt data to obtain sensitive informa... Read more

    • EPSS Score: %0.09
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8134

    The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privi... Read more

    Affected Products : fusionsphere_openstack
    • EPSS Score: %0.30
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8126

    The UMA product with software V200R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.... Read more

    Affected Products : uma
    • EPSS Score: %0.22
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 2.3

    LOW
    CVE-2017-8118

    The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.... Read more

    Affected Products : uma
    • EPSS Score: %0.03
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8037

    In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.38.0 and cf-release versions after v244 and prior to v270, there is an incomplete fix for CVE-2017-8035. If you took steps to remediate CVE-2017-8035 you should also upgrade to... Read more

    • EPSS Score: %0.38
    • Published: Aug. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8018

    EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.... Read more

    Affected Products : appsync windows
    • EPSS Score: %0.59
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7991

    Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %1.35
    • Published: Apr. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-7930

    An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server wit... Read more

    Affected Products : pi_data_archive
    • EPSS Score: %0.22
    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7881

    BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modul... Read more

    Affected Products : bigtree_cms
    • EPSS Score: %0.04
    • Published: Apr. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7684

    Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.... Read more

    Affected Products : openmeetings
    • EPSS Score: %1.50
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2017-7571

    public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges.... Read more

    Affected Products : faveo_helpdesk
    • EPSS Score: %0.29
    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7564

    In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers.... Read more

    • EPSS Score: %0.46
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7455

    Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control.... Read more

    Affected Products : mxview
    • EPSS Score: %39.99
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7446

    HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.... Read more

    Affected Products : helpdezk
    • EPSS Score: %0.27
    • Published: Apr. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-7444

    In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed.... Read more

    Affected Products : system_recovery
    • EPSS Score: %0.12
    • Published: Apr. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7410

    Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter.... Read more

    Affected Products : websitebaker
    • EPSS Score: %1.69
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291389 Results