Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-2113

    Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.... Read more

    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-8387

    STDU Viewer version 1.6.375 might allow user-assisted attackers to execute code via a crafted file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands including Ctrl-+ command... Read more

    Affected Products : stdu_viewer
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8370

    IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote attackers to execute arbitrary code or cause a denial of service (Heap Corruption and application crash) in processing a FlashPix (.FPX) file, a different vulnerability than CVE-2017-7721.... Read more

    Affected Products : irfanview fpx
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8277

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in the function msm_dba_register_client, if the client registers failed, it would be freed. However the client was not removed from list. Use-after-free would occur when trave... Read more

    Affected Products : android
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2017-8193

    The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with m... Read more

    Affected Products : fusionsphere_openstack
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8147

    AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software V200R005C10CP0582T, V200R005C10HP0581T, V200R005C20SPC026T,AR200 with software V200R005C20SPC026T,AR3200 V200R005C20SPC026T,CloudEngine 12800 with software V100R003C00, V100R005C00, V1... Read more

    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2012-4449

    Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-dependent attackers to crack secret keys via a brute-force at... Read more

    Affected Products : hadoop
    • Published: Oct. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-7929

    An Absolute Path Traversal issue was discovered in Advantech WebAccess Version 8.1 and prior. The absolute path traversal vulnerability has been identified, which may allow an attacker to traverse the file system to access restricted files or directories.... Read more

    Affected Products : webaccess
    • Published: May. 06, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7615

    MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.... Read more

    Affected Products : mantisbt
    • Published: Apr. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7339

    A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the 'Name' and 'Description' inputs in the 'Add Revision Backup' functionality.... Read more

    Affected Products : fortiportal
    • Published: May. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7338

    A password management vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to carry out information disclosure via the FortiAnalyzer Management View.... Read more

    Affected Products : fortiportal
    • Published: May. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7293

    The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. This affects Dolby Audio X2 (DAX2) 1.0, 1.0.1, 1.1, 1... Read more

    Affected Products : dolby_audio_x2 dolby_audio_x3
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17983

    PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the view-profile.php mem_id parameter.... Read more

    Affected Products : muslim_matrimonial_script
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17868

    In Liferay Portal 6.1.0, the tags section has XSS via a Public Render Parameter (p_r_p) value, as demonstrated by p_r_p_564233524_tag.... Read more

    Affected Products : liferay_portal
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17056

    The ZKTime Web Software 2.0.1.12280 allows the Administrator to elevate the privileges of the application user using a 'password_change()' function of the Modify Password component, reachable via the old_password, new_password1, and new_password2 paramete... Read more

    Affected Products : zktime_web
    • Published: Dec. 04, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-17776

    Paid To Read Script 2.0.5 has full path disclosure via an invalid admin/userview.php uid parameter.... Read more

    Affected Products : paid_to_read_script
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-17716

    GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate verification, but a verify_certificates LDAP option was mentioned in the 9.4 release announcement. This issue occurred because code was not merged. This is related to use of the omniauth-ldap... Read more

    Affected Products : gitlab
    • Published: Dec. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-17704

    A door-unlocking issue was discovered on Software House iStar Ultra devices through 6.5.2.20569 when used in conjunction with the IP-ACM Ethernet Door Module. The communications between the IP-ACM and the iStar Ultra is encrypted using a fixed AES key and... Read more

    • Published: Dec. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-17684

    Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 \\.\PSMEMDriver DeviceIoControl request.... Read more

    Affected Products : panda_global_protection
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-6645

    A vulnerability in the web interface of Cisco Remote Expert Manager Software 11.0.0 could allow an unauthenticated, remote attacker to access sensitive Virtual Temporary Directory information on an affected system. The vulnerability exists because the aff... Read more

    Affected Products : remote_expert_manager
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292827 Results