Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-9149

    Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to perform "Clean metadata" actions upon invocation from the Nautilus contextual menu, which allows context-dependent attackers to obtain sensitive information by reading a file for which c... Read more

    Affected Products : metadata_anonymisation_toolkit
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9068

    In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.... Read more

    Affected Products : modx_revolution revolution
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9024

    Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes Secure Cisco Auditor (SCA) 3.0, has a Directory Traversal issue in its TFTP Server, allowing attackers to read arbitrary files via ../ sequences in a pathname.... Read more

    Affected Products : secure_cisco_auditor
    • Published: May. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8892

    Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image.... Read more

    Affected Products : tempo_box
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8853

    Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in dapur/apps/app_config/controller/backuper.php via directory traversal in the file parameter during an act=db action.... Read more

    Affected Products : fiyo_cms
    • Published: May. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8789

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. A report_error.php?year='payload SQL injection vector exists.... Read more

    Affected Products : file_transfer_appliance
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8770

    There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 devices that allows attackers to read the entire filesystem on the device via a crafted getpage parameter.... Read more

    • Published: Sep. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8760

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in courier/1000@/index.html with the auth_params parameter. The device tries to use internal WAF filters to stop specific XSS Vulnerabilities. However, these can be bypasse... Read more

    Affected Products : file_transfer_appliance
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8453

    Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an out-of-bounds read that allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted font in a PDF document.... Read more

    Affected Products : foxit_reader phantompdf
    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8443

    In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user opens a crafted Kibana URL the result could be a redirect to an improperly initialized Kibana login screen. If the user enters credentials on this screen, the credentials will appear in th... Read more

    Affected Products : kibana
    • Published: Jun. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8256

    In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8251

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->strea... Read more

    Affected Products : android
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8221

    Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the ne... Read more

    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8205

    The Bastet driver of Honor 9 Huawei smart phones with software of versions earlier than Stanford-AL10C00B175 has integer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has th... Read more

    Affected Products : honor_9_firmware honor_9
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8169

    Huawei smart phones with software earlier than VIE-L09C40B360 versions have a buffer overflow vulnerability due to the lack of parameter validation. An attacker tricks a user into installing a malicious APP which has the root privilege; the APP can send a... Read more

    Affected Products : vie-l09_firmware vie-l09
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-8137

    HedEx Earlier than V200R006C00 versions has a dynamic link library (DLL) hijacking vulnerability due to calling the DDL file by accessing a relative path. An attacker could exploit this vulnerability to tamper with the DLL file, leading to DLL hijacking.... Read more

    Affected Products : hedex_lite
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-2242

    Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.... Read more

    Affected Products : exponent_cms
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-8104

    In MyBB before 1.8.11, the smilie module allows Directory Traversal via the pathfolder parameter.... Read more

    Affected Products : mybb
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-8058

    Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat before 3.16.2 for iOS allows a man-in-the-middle and/or physically proximate attacker to silently intercept information sent during the login API call.... Read more

    Affected Products : hipchat
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8015

    EMC AppSync (all versions prior to 3.5) contains a SQL injection vulnerability that could potentially be exploited by malicious users to compromise the affected system.... Read more

    Affected Products : appsync
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292802 Results