Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2017-8446

    The Reporting feature in X-Pack in versions prior to 5.5.2 and standalone Reporting plugin versions versions prior to 2.4.6 had an impersonation vulnerability. A user with the reporting_user role could execute a report with the permissions of another repo... Read more

    Affected Products : x-pack x-pack_reporting
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-0635

    A remote denial of service vulnerability in HevcUtils.cpp in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Low due to details specific to the vulnerability. ... Read more

    Affected Products : android
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-8383

    Craft CMS before 2.6.2976 does not properly restrict viewing the contents of files in the craft/app/ folder.... Read more

    Affected Products : craft_cms
    • Published: May. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8267

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leading to an integer overflow and then an out-of-bounds write.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8237

    In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image.... Read more

    Affected Products : android
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8209

    The driver of honor 5C,honor 6x Huawei smart phones with software of versions earlier than NEM-AL10C00B356, versions earlier than Berlin-L21HNC432B360 have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user ... Read more

    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-8191

    FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links.... Read more

    Affected Products : fusionsphere_openstack
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.0

    MEDIUM
    CVE-2017-8189

    FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal.... Read more

    Affected Products : fusionsphere_openstack
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8167

    Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target device. Successful exploit of the vulnerability could cause ... Read more

    Affected Products : usg9500_firmware usg9500
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8138

    HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services.... Read more

    Affected Products : hedex_lite
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8120

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated pri... Read more

    Affected Products : uma
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8098

    e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.... Read more

    Affected Products : e107
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8052

    Craft CMS before 2.6.2974 allows XSS attacks.... Read more

    Affected Products : craft_cms
    • Published: Apr. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8007

    In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnera... Read more

    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7888

    Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.... Read more

    Affected Products : dolibarr_erp\/crm
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7871

    trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).... Read more

    Affected Products : tdm
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7720

    Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password.... Read more

    Affected Products : privatetunnel
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7690

    Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.... Read more

    Affected Products : proxifier
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7590

    OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.... Read more

    Affected Products : openidm
    • Published: Apr. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.7

    HIGH
    CVE-2017-7566

    MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.... Read more

    Affected Products : mybb
    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292803 Results