Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2014-9981

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2015-9229

    In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter.... Read more

    Affected Products : nextgen_gallery
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-9043

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-9040

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2015-9031

    In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.... Read more

    Affected Products : android
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-1254

    IBM Security Guardium 10.0 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume memory resources. IBM X-Force ID: 12463... Read more

    Affected Products : security_guardium
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-10513

    Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted search expression to include/functions_search.inc.php.... Read more

    Affected Products : piwigo
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15259

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!x... Read more

    Affected Products : irfanview pdf
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15258

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlParserInputRead+0x000000000... Read more

    Affected Products : irfanview pdf
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15254

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a "Read Access Violation starting at PDF!xmlGetGlobalState+0x0000000000... Read more

    Affected Products : irfanview pdf
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-3499

    Vulnerability in the Oracle Social Network component of Oracle Fusion Middleware (subcomponent: Android Client). The supported version that is affected is prior to 11.1.12.0.0 (17019101). Easily "exploitable" vulnerability allows unauthenticated attacker ... Read more

    Affected Products : social_network
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14969

    In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an Arbitrary Write vulnerability because of not validating input values from IOCtl 0x83000084, a related issue to CVE-2017-17114.... Read more

    Affected Products : ikarus_antivirus anti.virus
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-3793

    A vulnerability in the TCP normalizer of Cisco Adaptive Security Appliance (ASA) Software (8.0 through 8.7 and 9.0 through 9.6) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause Cisco ASA and FTD to... Read more

    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-14931

    ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file.... Read more

    Affected Products : openexif
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2017-14924

    Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page ... Read more

    Affected Products : tikiwiki_cms\/groupware
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14897

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space.... Read more

    Affected Products : android
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14763

    In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.... Read more

    Affected Products : genixcms
    • Published: Sep. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14706

    DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5... Read more

    Affected Products : i-suite web_application_firewall
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.5

    HIGH
    CVE-2017-3472

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Portfolio Management). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily "exploitable" vulnerability al... Read more

    Affected Products : flexcube_private_banking
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14692

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b."... Read more

    Affected Products : stdu_viewer
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292830 Results