Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-14931

    ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted JPEG file.... Read more

    Affected Products : openexif
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2017-14924

    Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to gain administrator privileges if an administrator opens a wiki page ... Read more

    Affected Products : tikiwiki_cms\/groupware
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14897

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while handling the QSEOS_RPMB_CHECK_PROV_STATUS_COMMAND, a userspace buffer is directly accessed in kernel space.... Read more

    Affected Products : android
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14763

    In the Install Themes page in GeniXCMS 1.1.4, remote authenticated users can execute arbitrary PHP code via a .php file in a ZIP archive of a theme.... Read more

    Affected Products : genixcms
    • Published: Sep. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14706

    DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to obtain authentication information by making a typeOf=debug request to /webservices/download/index.php, and then reading the iToken field in the reply. This affects DenyAll i-Suite LTS 5.5... Read more

    Affected Products : i-suite web_application_firewall
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.5

    HIGH
    CVE-2017-3472

    Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Portfolio Management). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily "exploitable" vulnerability al... Read more

    Affected Products : flexcube_private_banking
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14692

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at STDUJBIG2File!DllGetClassObject+0x000000000000653b."... Read more

    Affected Products : stdu_viewer
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14639

    AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617 uses incorrect character data types, which causes a stack-based buffer underflow and out-of-bounds write, leading to denial of service (application crash) or possibly unspeci... Read more

    Affected Products : bento4
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14540

    IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000001f23e."... Read more

    Affected Products : irfanview
    • Published: Sep. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-14335

    On Beijing Hanbang Hanbanggaoke devices, because user-controlled input is not sufficiently sanitized, sending a PUT request to /ISAPI/Security/users/1 allows an admin password change.... Read more

    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-3193

    Multiple D-Link devices including the DIR-850L firmware versions 1.14B07 and 2.07.B05 contain a stack-based buffer overflow vulnerability in the web administration interface HNAP service.... Read more

    Affected Products : dir-850l_firmware dir-850l
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-14420

    The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attacker... Read more

    Affected Products : dir-850l_firmware dir-850l
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-14419

    The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices, participates in mydlink Cloud Services by establishing a TCP relay service for HTTP, even th... Read more

    Affected Products : dir-850l_firmware dir-850l
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-14407

    A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.... Read more

    Affected Products : mp3gain
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-14405

    The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php.... Read more

    Affected Products : eyesofnetwork
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-14322

    The function in charge to check whether the user is already logged in init.php in Interspire Email Marketer (IEM) prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEM_CookieLogin cookie with a s... Read more

    Affected Products : email_marketer
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14309

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ec8."... Read more

    Affected Products : stdu_viewer
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14297

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File!DllGetClassObject+0x0000000000002f35."... Read more

    Affected Products : stdu_viewer
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14295

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls Code Flow starting at STDUJBIG2File+0x00000000000015e9."... Read more

    Affected Products : stdu_viewer
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-14240

    There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter.... Read more

    Affected Products : dolibarr_erp\/crm dolibarr
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293179 Results