Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2017-7620

    MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits a backslash check in string_api.php and consequently has conflicting interpretations of an initial \/ substring as introducing either a local pathname or a remote hostname, which leads... Read more

    Affected Products : mantisbt
    • Published: May. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7866

    FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.... Read more

    Affected Products : ffmpeg
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7663

    Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7647

    SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4 allows an authenticated user to execute arbitrary commands.... Read more

    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7696

    SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.... Read more

    Affected Products : sso_authentication_library
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7681

    Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-7693

    Directory traversal vulnerability in viewer_script.jsp in Riverbed OPNET App Response Xpert (ARX) version 9.6.1 allows remote authenticated users to inject arbitrary commands to read OS files.... Read more

    Affected Products : opnet_app_response_xpert
    • Published: Aug. 26, 2017
    • Modified: Apr. 20, 2025

  • 8.5

    HIGH
    CVE-2017-7669

    In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the LinuxContainerExecutor runs docker commands as root with insufficient input validation. When the docker feature is enabled, authenticated users can run commands as root.... Read more

    Affected Products : hadoop
    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7695

    Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.... Read more

    Affected Products : bigtree_cms
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7670

    The Traffic Router component of the incubating Apache Traffic Control project is vulnerable to a Slowloris style Denial of Service attack. TCP connections made on the configured DNS port will remain in the ESTABLISHED state until the client explicitly clo... Read more

    Affected Products : traffic_control
    • Published: Jul. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7675

    The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.... Read more

    Affected Products : tomcat
    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7746

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-slsk.c by adding checks for the remaining length.... Read more

    Affected Products : debian_linux wireshark
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-7700

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file parser could go into an infinite loop, triggered by a malformed capture file. This was addressed in wiretap/netscaler.c by ensuring a nonzero record size.... Read more

    Affected Products : debian_linux wireshark
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7719

    SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php.... Read more

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-7735

    A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.2.0 through 5.2.11 and 5.4.0 through 5.4.4 allows attackers to execute unauthorized code or commands via the "Groups" input while creating or editing User Groups.... Read more

    Affected Products : fortios
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7704

    In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-dof.c by using a different integer data type and adjusting a return valu... Read more

    Affected Products : wireshark
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7701

    In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-bgp.c by using a different integer data type.... Read more

    Affected Products : wireshark
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-7722

    In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the men... Read more

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7716

    The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file.... Read more

    Affected Products : radare2
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7723

    XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the e-mail subject or body.... Read more

    Affected Products : easy_wp_smtp
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293608 Results