Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-5636

    In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, the proxy chain serialization/deserialization is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a... Read more

    Affected Products : nifi
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5618

    GNU screen before 4.5.1 allows local users to modify arbitrary files and consequently gain root privileges by leveraging improper checking of logfile permissions.... Read more

    Affected Products : screen
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-5584

    Cross-site scripting (XSS) vulnerability in the Management Web Interface in Palo Alto Networks PAN-OS 5.1, 6.x before 6.1.16, 7.0.x before 7.0.13, and 7.1.x before 7.1.8 allows remote authenticated users to inject arbitrary web script or HTML via unspecif... Read more

    Affected Products : pan-os
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5570

    An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. This is a blind SQL injection within the messageJson.jsp, which can only be exploited by authenticated users via an HTTP POST request and which can be used to dump database data out to... Read more

    Affected Products : patient_portal
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5237

    Due to a lack of authentication, an unauthenticated user who knows the Eview EV-07S GPS Tracker's phone number can revert the device to a factory default configuration with an SMS command, "RESET!"... Read more

    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-4972

    An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release ... Read more

    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.4

    HIGH
    CVE-2016-9976

    IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL request, which could allow the attacker to execute arbitrary code on the vulnerable server. IBM X-... Read more

    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-9710

    IBM Predictive Solutions Foundation (formerly PMQ) could allow a remote attacker to include arbitrary files. A remote attacker could send a specially-crafted URL to specify a file from the local system, which could allow the attacker to obtain sensitive i... Read more

    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-3867

    A vulnerability in the Border Gateway Protocol (BGP) Bidirectional Forwarding Detection (BFD) implementation of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to bypass the access control list (ACL) for sp... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-3747

    Privilege escalation vulnerability in Lenovo Nerve Center for Windows 10 on Desktop systems (Lenovo Nerve Center for notebook systems is not affected) that could allow an attacker with local privileges on a system to alter registry keys.... Read more

    Affected Products : windows_10 nerve_center
    • Published: Jun. 29, 2017
    • Modified: Apr. 20, 2025

  • 5.1

    MEDIUM
    CVE-2017-3504

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows unauthenticated attacker with logon to th... Read more

    Affected Products : automatic_service_request
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9917

    IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to "Data from Faulting Address is used as one or more arguments in a subsequent ... Read more

    Affected Products : irfanview tools
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9905

    XnView Classic for Windows Version 2.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at Xfpx!gffGetFormatI... Read more

    Affected Products : xnview
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-3186

    ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC use non-random default credentials across all devices. A remote attacker can take complete control of a device using default admin credentials.... Read more

    Affected Products : camera_firmware
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9701

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing OEM unlock/unlock-go fastboot commands data leak may occur, resulting from writing uninitialized stack structure to non-volati... Read more

    Affected Products : android
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9639

    An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and prior. A memory corruption vulnerability has been identified (aka improper restriction of operations within the bounds of a memory buffer), which may allow remote code execution.... Read more

    Affected Products : v-server
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9575

    The "FVB Mobile Banking" by First Volunteer Bank of Tennessee app 3.1.1 -- aka fvb-mobile-banking/id551018004 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive infor... Read more

    Affected Products : fvb_mobile_banking
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-9537

    Persistent cross-site scripting (XSS) in the Add Node function of SolarWinds Network Performance Monitor version 12.0.15300.90 allows remote attackers to introduce arbitrary JavaScript into various vulnerable parameters.... Read more

    Affected Products : network_performance_monitor
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-9509

    The review file upload resource in Atlassian Crucible before version 4.4.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the charset of a previously uploaded file.... Read more

    Affected Products : crucible fisheye
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9480

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows local users (e.g., users who have command access as a consequence of CVE-2017-9479 exploitation) to read arbitrary files via UPnP access to ... Read more

    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292803 Results