Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-1000374

    A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and possibly earlier versions.... Read more

    Affected Products : netbsd
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1000375

    NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.... Read more

    Affected Products : netbsd
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-3296

    Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) javascript: or (2) data: URLs.... Read more

    Affected Products : nodebb
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-1000113

    The Deploy to container Plugin stored passwords unencrypted as part of its configuration. This allowed users with Jenkins master local file system access, or users with Extended Read access to the jobs it is used in, to retrieve those passwords. The Deplo... Read more

    Affected Products : deploy
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2017-1000086

    The Periodic Backup Plugin did not perform any permission checks, allowing any user with Overall/Read access to change its settings, trigger backups, restore backups, download backups, and also delete all previous backups via log rotation. Additionally, t... Read more

    Affected Products : periodic_backup
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1000070

    The Bitly oauth2_proxy in version 2.1 and earlier was affected by an open redirect vulnerability during the start and termination of the 2-legged OAuth flow. This issue was caused by improper input validation and a violation of RFC-6819... Read more

    Affected Products : oauth2_proxy
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1000059

    Live Helper Chat version 2.06v and older is vulnerable to Cross-Site Scripting in the HTTP Header handling resulting in the execution of any user provided Javascript code in the session of other users.... Read more

    Affected Products : live_helper_chat
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-1000046

    Mautic 2.6.1 and earlier fails to set flags on session cookies... Read more

    Affected Products : mautic mautic
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-0804

    A elevation of privilege vulnerability in the MediaTek mmc driver. Product: Android. Versions: Android kernel. Android ID: A-36274676. References: M-ALPS03361487.... Read more

    Affected Products : android
    • Published: Sep. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0686

    A denial of service vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34231231.... Read more

    Affected Products : android
    • Published: Jul. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0680

    A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37008096.... Read more

    Affected Products : android
    • Published: Jul. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0639

    An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that iso... Read more

    Affected Products : android
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9049

    An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port... Read more

    Affected Products : database_server
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0563

    An elevation of privilege vulnerability in the HTC touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device... Read more

    Affected Products : android linux_kernel
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-5401

    Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 and TD Express before 15.00.02.08_Sles10 and 15.00.02.08_Sles11 allow remote attackers to cause a denial of service (database crash) via a malformed CONFIG REQUEST message.... Read more

    Affected Products : teradata_express teradata_gateway
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-0374

    lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before 2.102 allows local users to gain privileges via a crafted model in the current working directory, related to use of . with the INC array.... Read more

    Affected Products : config-model
    • Published: May. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1551

    IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click action... Read more

    Affected Products : api_connect
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15383

    Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.... Read more

    Affected Products : nero
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-16880

    The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.... Read more

    Affected Products : whoops
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9885

    An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior to 1.6.5 and 1.7.x versions prior to 1.7.1. The gfsh (Geode Shell) endpoint, used by operators and application developers to connect to their cluster, is unauthenticated and publicly ... Read more

    Affected Products : gemfire_for_pivotal_cloud_foundry
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292811 Results