Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2014-9964

    In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality.... Read more

    Affected Products : android
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15946

    In the com_tag component 1.7.6 for Joomla!, a SQL injection vulnerability is located in the `tag` parameter to index.php. The request method to execute is GET.... Read more

    Affected Products : tag_meta
    • Published: Oct. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2014-9962

    In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command.... Read more

    Affected Products : android
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15879

    CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.... Read more

    Affected Products : keystone
    • Published: Oct. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15785

    XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation near NULL starting at Unknown Symbol @ 0x0000000000000000 called fro... Read more

    Affected Products : xnview windows
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15766

    IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at Baba... Read more

    Affected Products : irfanview babacad4image
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15761

    IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at BabaCAD4Image!ShowPlugInOptions+0x000000000001ecaa."... Read more

    Affected Products : irfanview babacad4image
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15757

    IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at Baba... Read more

    Affected Products : irfanview babacad4image
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15755

    IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at veri... Read more

    Affected Products : irfanview babacad4image
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15744

    IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Read Access Violation on Control Flow starting at CADIMAGE+0x00000000003d35a7."... Read more

    Affected Products : irfanview cadimage
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15743

    IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address may be used as a return value starting at ... Read more

    Affected Products : irfanview cadimage
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15741

    IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Possible Stack Corruption starting at CADIMAGE+0x00000000003d2378."... Read more

    Affected Products : irfanview cadimage
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-15728

    In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via metaDescription or metaKeywords.... Read more

    Affected Products : phpmyfaq
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-15673

    The files function in the administration section in CS-Cart 4.6.2 and earlier allows attackers to execute arbitrary PHP code via vectors involving a custom page.... Read more

    Affected Products : cs-cart
    • Published: Nov. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-15312

    Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) vulnerability in the dashboard module. A remote authenticated attacker could exploit this vulnerability to inject malicious scripts in the affected device.... Read more

    Affected Products : smartcare
    • Published: Dec. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15257

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000... Read more

    Affected Products : irfanview pdf
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15245

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!x... Read more

    Affected Products : irfanview pdf
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15241

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!x... Read more

    Affected Products : irfanview pdf
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15012

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 does not properly validate the input of the PUT_FILE RPC-command, which allows any authenticated user to hijack an arbitrary file from the Content Server filesystem; b... Read more

    Affected Products : documentum_content_server
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-3840

    A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect Vulnerability. More Information: CSCvc04849. Known Affect... Read more

    Affected Products : secure_access_control_system
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292851 Results