Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2017-7357

    Hipchat Server before 2.2.3 allows remote authenticated users with Server Administrator level privileges to execute arbitrary code by importing a file.... Read more

    Affected Products : hipchat_server
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7374

    Use-after-free vulnerability in fs/crypto/ in the Linux kernel before 4.10.7 allows local users to cause a denial of service (NULL pointer dereference) or possibly gain privileges by revoking keyring keys being used for ext4, f2fs, or ubifs encryption, ca... Read more

    Affected Products : linux_kernel
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-7369

    In all Android releases from CAF using the Linux kernel, an array index in an ALSA routine is not properly validating potentially leading to kernel stack corruption.... Read more

    Affected Products : android
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-7373

    In all Android releases from CAF using the Linux kernel, a double free vulnerability exists in a display driver.... Read more

    Affected Products : android
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7397

    BackBox Linux 4.6 allows remote attackers to cause a denial of service (ksoftirqd CPU consumption) via a flood of packets with Martian source IP addresses (as defined in RFC 1812 section 5.3.7). This product enables net.ipv4.conf.all.log_martians by defau... Read more

    Affected Products : backbox_linux
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-7367

    In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.... Read more

    Affected Products : android
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-7395

    In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by causing an integer overflow, an authenticated client can crash the server.... Read more

    Affected Products : tigervnc
    • Published: Apr. 01, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7387

    TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a reflected XSS in HelpMeWatchWho-master/unaired.php (episodeID parameter).... Read more

    Affected Products : helpmewatchwho
    • Published: Apr. 01, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-7400

    OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 allows remote authenticated administrators to conduct XSS attacks via a crafted federation mapping.... Read more

    Affected Products : horizon horizon
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7384

    Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter.... Read more

    Affected Products : flip_pdf
    • Published: Jun. 01, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7391

    A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML... Read more

    Affected Products : magmi
    • Published: Apr. 01, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7404

    On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the Router's Web Interface visits a malicious site from another Browser tab, the malicious site then can send requests to the victim's Router without knowing the credentials (CSRF). An att... Read more

    Affected Products : dir-615 dir-615
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7452

    The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.... Read more

    Affected Products : imageworsener imageworsener
    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7394

    In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), unauthenticated users can crash the server by sending long usernames.... Read more

    Affected Products : tigervnc
    • Published: Apr. 01, 2017
    • Modified: Apr. 20, 2025

  • 2.4

    LOW
    CVE-2017-7407

    The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument e... Read more

    Affected Products : curl
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7390

    A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbi... Read more

    Affected Products : socialnetwork
    • Published: Apr. 01, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7398

    D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request Forgery (CSRF) vulnerability. This enables an attacker to perform an unwanted action on a wireless router for which the user/admin is currently authenticated, as demonstrated by changing t... Read more

    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-7428

    NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of connection parameters with Tomcat.... Read more

    Affected Products : imanager
    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7393

    In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an authenticated client can cause a double free, leading to denial of service or potentially code execution.... Read more

    Affected Products : tigervnc
    • Published: Apr. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7383

    The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PDF document.... Read more

    Affected Products : podofo
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293620 Results