Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-8024

    EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affect... Read more

    Affected Products : isilon_onefs isilon_onefs
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8775

    Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.... Read more

    • Published: May. 04, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2017-2283

    WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.... Read more

    Affected Products : wn-g300r3_firmware wn-g300r3
    • Published: Aug. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2272

    Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.3.2.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : attachecase
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2267

    Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : filecapsule_deluxe_portable
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-2097

    Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : knowledge
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2092

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-2110

    The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : access_cx
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-2130

    Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : phishwall_client
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-2153

    SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UDP packets.... Read more

    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1104

    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with... Read more

    Affected Products : rational_quality_manager
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11054

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.... Read more

    Affected Products : android
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-10900

    PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors.... Read more

    Affected Products : ptw-wms1_firmware ptw-wms1
    • Published: Dec. 01, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-1000207

    A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects th... Read more

    Affected Products : swagger-codegen swagger-parser
    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9958

    An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.... Read more

    Affected Products : u.motion_builder
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-9940

    A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network.... Read more

    Affected Products : sipass_integrated
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9925

    In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."... Read more

    Affected Products : windows swftools
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9918

    IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!QueryOptionalDel... Read more

    Affected Products : irfanview tools
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9911

    XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Functio... Read more

    Affected Products : xnview
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9876

    IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0... Read more

    Affected Products : irfanview fpx
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292797 Results