Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2017-9646

    An Uncontrolled Search Path Element issue was discovered in Solar Controls Heating Control Downloader (HCDownloader) Version 1.0.1.15 and prior. An uncontrolled search path element has been identified, which could allow an attacker to execute arbitrary co... Read more

    Affected Products : heating_control_downloader
    • EPSS Score: %0.15
    • Published: Aug. 14, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9578

    The "RVCB Mobile" by RVCB Mobile Banking app 3.0.0 -- aka rvcb-mobile/id757928895 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certifi... Read more

    Affected Products : rvcb_mobile
    • EPSS Score: %0.12
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9594

    The "SVB Mobile" by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka svb-mobile/id796429885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a craft... Read more

    Affected Products : svb_mobile
    • EPSS Score: %0.12
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9581

    The "Algonquin State Bank Mobile Banking" by Algonquin State Bank app 3.0.0 -- aka algonquin-state-bank-mobile-banking/id1089657735 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and ... Read more

    • EPSS Score: %0.12
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-9684

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a USB driver can lead to a Use After Free condition.... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9585

    The "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app 3.0.3 -- aka community-state-bank-lamar-mobile-banking/id1083927885 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers... Read more

    Affected Products : community_state_bank-lamar
    • EPSS Score: %0.12
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9602

    KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user ca... Read more

    Affected Products : knowledge kbvault_mysql
    • EPSS Score: %7.38
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9588

    The "Oritani Mobile Banking" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a ... Read more

    Affected Products : oritani_mobile_banking
    • EPSS Score: %0.12
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9622

    Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data.... Read more

    Affected Products : epesi
    • EPSS Score: %0.22
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9598

    The "Morton Credit Union Mobile Banking" by Morton Credit Union app 3.0.1 -- aka morton-credit-union-mobile-banking/id1119623070 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obt... Read more

    • EPSS Score: %0.12
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9600

    The "Peoples Bank Tulsa" by Peoples Bank - OK app 3.0.2 -- aka peoples-bank-tulsa/id1074279285 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a cr... Read more

    Affected Products : peoples_bank_tulsa
    • EPSS Score: %0.12
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-9647

    A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti ... Read more

    Affected Products : s-gold_2_pmb_8876
    • EPSS Score: %0.10
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9612

    The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS 9.21 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact via a crafted document.... Read more

    Affected Products : debian_linux ghostscript_ghostxps
    • EPSS Score: %0.39
    • Published: Jul. 26, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9623

    Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data.... Read more

    Affected Products : epesi
    • EPSS Score: %0.22
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-9678

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in a video driver, memory corruption can potentially occur due to lack of bounds checking in a memcpy().... Read more

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9608

    The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted mov file.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %8.94
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9624

    Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data.... Read more

    Affected Products : epesi
    • EPSS Score: %0.22
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9669

    A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.... Read more

    Affected Products : alpine_linux
    • EPSS Score: %4.38
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9599

    The "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app before 3.2.0 -- aka fountain-trust-mobile-banking/id891343006 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta... Read more

    Affected Products : fountain_trust_mobile_banking
    • EPSS Score: %0.12
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9762

    The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows remote attackers to cause a denial of service (use-after-free and application crash) via a crafted binary file.... Read more

    Affected Products : radare2
    • EPSS Score: %0.20
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292508 Results