Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2016-4683

    An issue was discovered in certain Apple products. macOS before 10.12.1 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and application... Read more

    Affected Products : mac_os_x mac_os_x
    • EPSS Score: %0.64
    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2016-5219

    A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome
    • EPSS Score: %0.53
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-6089

    IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write to a file or delete files in a directory they should not have access to due to improper access controls. IBM X-Force ID: 117926.... Read more

    Affected Products : websphere_mq mq
    • EPSS Score: %0.04
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-9828

    The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SWF file.... Read more

    Affected Products : libming
    • EPSS Score: %0.22
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-11110

    The ole_init function in ole.c in catdoc 0.95 allows remote attackers to cause a denial of service (heap-based buffer underflow and application crash) or possibly have unspecified other impact via a crafted file, i.e., data is written to memory addresses ... Read more

    Affected Products : catdoc catdoc
    • EPSS Score: %0.20
    • Published: Jul. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-11299

    An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses.... Read more

    Affected Products : digital_editions
    • EPSS Score: %0.88
    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-12458

    The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap read via a crafted nlm file.... Read more

    Affected Products : binutils
    • EPSS Score: %0.35
    • Published: Aug. 04, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-12959

    There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.... Read more

    Affected Products : pspp
    • EPSS Score: %0.47
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-14248

    A heap-based buffer over-read in SampleImage() in MagickCore/resize.c in ImageMagick 7.0.6-8 Q16 allows remote attackers to cause a denial of service via a crafted file.... Read more

    Affected Products : imagemagick
    • EPSS Score: %0.28
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14496

    Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.... Read more

    • EPSS Score: %15.74
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-3046

    Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to contiguous code-stream parsing.... Read more

    • EPSS Score: %4.48
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-5103

    Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.... Read more

    • EPSS Score: %1.16
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-6716

    A vulnerability in the web framework code of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system. Affected Products... Read more

    • EPSS Score: %0.17
    • Published: Jul. 04, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-8295

    WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this me... Read more

    Affected Products : wordpress
    • EPSS Score: %61.98
    • Published: May. 04, 2017
    • Modified: Apr. 20, 2025

  • 5.0

    MEDIUM
    CVE-2017-8477

    Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application ... Read more

    • EPSS Score: %3.13
    • Published: Jun. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2964

    Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion engine, related to the parsing of JPEG EXIF metadata. Successful exploitation... Read more

    • EPSS Score: %9.12
    • Published: Jan. 11, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2017-10015

    Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Application Designer). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker ... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • EPSS Score: %0.14
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17713

    Trape before 2017-11-05 has SQL injection via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp paramete... Read more

    Affected Products : trape
    • EPSS Score: %0.36
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-12785

    The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to g... Read more

    Affected Products : noviware
    • EPSS Score: %11.68
    • Published: Aug. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-9037

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message.... Read more

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292495 Results