Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2017-8752

    Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scrip... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8753

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka ... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-8765

    The function named ReadICONImage in coders\icon.c in ImageMagick 7.0.5-5 has a memory leak vulnerability which can cause memory exhaustion via a crafted ICON file.... Read more

    Affected Products : imagemagick
    • Published: May. 04, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-8772

    On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root") and can: 1. Read the entire file system; 2. Write to the file system; or 3. Execute any code ... Read more

    • Published: Sep. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8834

    The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.... Read more

    Affected Products : leap libcroco
    • Published: Jun. 12, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-8780

    GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element.... Read more

    Affected Products : genixcms genixcms
    • Published: May. 04, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8795

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/smtpg_add.html with the param parameter.... Read more

    Affected Products : file_transfer_appliance
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8781

    XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted JPEG 2000 file that is mishandled during the opening of a directory in "Browser" mode, because of a "Stack Buffer Overrun" issue.... Read more

    Affected Products : xnview
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8785

    FastStone Image Viewer 6.2 has a "Data from Faulting Address may be used as a return value" issue. This issue can be triggered by a malformed JPEG 2000 file that is mishandled by FSViewer.exe. Attackers could exploit this issue for DoS (Access Violation) ... Read more

    Affected Products : image_viewer
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-8823

    In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, there is a use-after-free in onion service v2 during intro-point expiration because the expiring list is mismanaged in cer... Read more

    Affected Products : debian_linux tor
    • Published: Dec. 03, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-8771

    On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet (which is open by default) with default credentials as root (username:"root" password:"root"). The attacker can make a user that is connected to the repeater click on a malicious link tha... Read more

    • Published: Sep. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8811

    The implementation of raw message parameter expansion in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows HTML mangling attacks.... Read more

    Affected Products : debian_linux mediawiki
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8791

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a home/seos/courier/login.html auth_params CRLF attack vector.... Read more

    Affected Products : file_transfer_appliance
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.9

    MEDIUM
    CVE-2017-8831

    The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequenc... Read more

    Affected Products : linux_kernel ubuntu_linux debian_linux
    • Published: May. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8803

    Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow user-assisted attackers to execute code via a crafted file, because of a "Data from Faulting Address controls Code Flow" issue. One threat model is a victim who obtains an untrusted crafte... Read more

    Affected Products : notepad\+\+ hex_editor
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8818

    curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library... Read more

    Affected Products : curl libcurl
    • Published: Nov. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8810

    MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2, when a private wiki is configured, provides different error messages for failed login attempts depending on whether the username exists, which allows remote attackers to enumerate ac... Read more

    Affected Products : debian_linux mediawiki
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-8845

    The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in lrzip 0.631, allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted archive.... Read more

    Affected Products : long_range_zip lrzip
    • Published: May. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8814

    The language converter in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows attackers to replace text inside tags via a rule definition followed by "a lot of junk."... Read more

    Affected Products : debian_linux mediawiki
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-8822

    In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, relays (that have incompletely downloaded descriptors) can pick themselves in a circuit path, leading to a degradation of ... Read more

    Affected Products : debian_linux tor
    • Published: Dec. 03, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293562 Results