Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2017-2110

    The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : access_cx
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-2130

    Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : phishwall_client
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-2153

    SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UDP packets.... Read more

    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1104

    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with... Read more

    Affected Products : rational_quality_manager
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11054

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.... Read more

    Affected Products : android
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-10900

    PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass access restrictions to obtain or delete data on the disk via unspecified vectors.... Read more

    Affected Products : ptw-wms1_firmware ptw-wms1
    • Published: Dec. 01, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-1000207

    A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger codegen version <= 2.2.2 yaml parsing functionality results in arbitrary code being executed when a maliciously crafted yaml Open-API specification is parsed. This in particular, affects th... Read more

    Affected Products : swagger-codegen swagger-parser
    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9958

    An improper access control vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an improper handling of the system configuration can allow an attacker to execute arbitrary code under the context of root.... Read more

    Affected Products : u.motion_builder
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-9940

    A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file system of the SiPass integrated server over the network.... Read more

    Affected Products : sipass_integrated
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9925

    In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers to execute arbitrary code or cause a denial of service via a crafted file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."... Read more

    Affected Products : windows swftools
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9918

    IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!QueryOptionalDel... Read more

    Affected Products : irfanview tools
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9911

    XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Functio... Read more

    Affected Products : xnview
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9876

    IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0... Read more

    Affected Products : irfanview fpx
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-9860

    An issue was discovered in SMA Solar Technology products. An attacker can use Sunny Explorer or the SMAdata2+ network protocol to update the device firmware without ever having to authenticate. If an attacker is able to create a custom firmware version th... Read more

    • Published: Aug. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9851

    An issue was discovered in SMA Solar Technology products. By sending nonsense data or setting up a TELNET session to the database port of Sunny Explorer, the application can be crashed. NOTE: the vendor reports that the maximum possible damage is a commun... Read more

    Affected Products : sunny_explorer
    • Published: Aug. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9848

    SQL injection vulnerability in C_InfoService.asmx in WebServices in Easysite 7.0 could allow remote attackers to execute arbitrary SQL commands via an XML document containing a crafted ArticleIDs element within a GetArticleHitsArray element.... Read more

    Affected Products : easysite
    • Published: Jun. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9792

    In Apache Impala (incubating) before 2.10.0, a malicious user with "ALTER" permissions on an Impala table can access any other Kudu table data by altering the table properties to make it "external" and then changing the underlying table mapping to point t... Read more

    Affected Products : impala
    • Published: Oct. 04, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-9767

    Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parame... Read more

    Affected Products : cloudshell
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9700

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer overwrite is possible in fw_name_store if image name is 64 characters.... Read more

    Affected Products : android
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9687

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, two concurrent threads/processes can write the value of "0" to the debugfs file that controls ipa ipc log which will lead to the double-free in... Read more

    Affected Products : android
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292905 Results