Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.2

    HIGH
    CVE-2017-3411

    Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerabili... Read more

    Affected Products : advanced_outbound_telephony
    • EPSS Score: %0.84
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.2

    HIGH
    CVE-2017-3443

    Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allow... Read more

    Affected Products : common_applications
    • EPSS Score: %0.65
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.5

    HIGH
    CVE-2017-3523

    Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.40 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple pr... Read more

    • EPSS Score: %0.59
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-3531

    Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Servlet Runtime). Supported versions that are affected are 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2. Easily "exploitable" vulnerability allows unauthenticate... Read more

    Affected Products : weblogic_server
    • EPSS Score: %1.19
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-3555

    Vulnerability in the Oracle iReceivables component of Oracle E-Business Suite (subcomponent: Self Registration). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows ... Read more

    Affected Products : ireceivables
    • EPSS Score: %2.88
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-3608

    Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 6.2.32. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to co... Read more

    Affected Products : berkeley_db
    • EPSS Score: %0.83
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2017-3642

    Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.18 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple p... Read more

    Affected Products : mysql mysql_server
    • EPSS Score: %0.29
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-3790

    A vulnerability in the received packet parser of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) software could allow an unauthenticated, remote attacker to cause a reload of the affected system, resulting in a denial of se... Read more

    • EPSS Score: %0.30
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-3863

    Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 and 15.0 through 15.6) and Cisco IOS XE (3.2 through 3.18) could allow an unauthenticated, remote attacker to cause a buffer overflow condition or a reload of an affected device, leading... Read more

    Affected Products : ios_xe ios
    • EPSS Score: %0.68
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-4904

    The XHCI controller in VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, and 5.5 without patch ESXi550-201703401-SG; Worksta... Read more

    • EPSS Score: %0.06
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5056

    A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.... Read more

    • EPSS Score: %0.91
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-4998

    EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is potentially affected by a cross-site request forgery vulnerability. A remote low privileged attacker may potentially exploit the vulnerability to execute unauthorized requests on behal... Read more

    Affected Products : rsa_archer_egrc
    • EPSS Score: %0.38
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-5001

    EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an information exposure through an error message vulnerability. A remote low privileged attacker may potentially exploit this vulnerability to use information disclosed in ... Read more

    Affected Products : rsa_archer_egrc
    • EPSS Score: %0.20
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5007

    Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted... Read more

    Affected Products : chrome
    • EPSS Score: %5.62
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-5013

    Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new tab page navigations in non-selected tabs, which allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.... Read more

    Affected Products : chrome
    • EPSS Score: %0.60
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-5014

    Heap buffer overflow during image processing in Skia in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.... Read more

    Affected Products : chrome
    • EPSS Score: %0.84
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-5038

    Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.... Read more

    • EPSS Score: %0.94
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5064

    Incorrect handling of DOM changes in Blink in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.... Read more

    Affected Products : chrome windows
    • EPSS Score: %0.98
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-5079

    Inappropriate implementation in Blink in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.... Read more

    • EPSS Score: %0.71
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-5096

    Insufficient policy enforcement during navigation between different schemes in Google Chrome prior to 60.0.3112.78 for Android allowed a remote attacker to perform cross origin content download via a crafted HTML page, related to intents.... Read more

    Affected Products : android chrome
    • EPSS Score: %0.40
    • Published: Oct. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292495 Results