Latest CVE Feed

Following is the list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (i.e. listed in the CISA Known Exploited Vulnerabilities (KEV) catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
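The filtering and sorting described above, as an added example in Python (not the feed site's own code): it parses the feed's date format, derives the qualitative severity from the score with the CVSS v3 bands instead of trusting the label, applies the severity and actively-exploited filters, and sorts by published date, modified date or score. The record layout, the function names and the five sample records are assumptions constructed from entries in the listing below (ids, scores, dates and the KEV flag as shown there). The "remotely exploitable" filter needs the CVSS attack-vector component, which the listing does not show, so it is left out.

```python
"""Triage helper for a CVE feed laid out like the listing on this page.

Added example, not the feed site's own code.  The record fields and the
function names are assumptions about how the feed would be exported; the
sample records below are constructed from entries visible on the page.
"""
from dataclasses import dataclass
from datetime import date, datetime
from typing import Callable, Dict, Iterable, List


@dataclass(frozen=True)
class CveRecord:
    cve_id: str
    cvss: float          # base score as shown in the feed
    published: date
    modified: date
    kev: bool = False    # flagged "Actively Exploited" (CISA KEV catalog)


def parse_feed_date(text: str) -> date:
    """Parse the feed's 'Mon. DD, YYYY' date format, e.g. 'Mar. 03, 2017'."""
    return datetime.strptime(text.strip(), "%b. %d, %Y").date()


def cvss3_severity(score: float) -> str:
    """Qualitative rating from the CVSS v3.x specification: 0.1-3.9 Low,
    4.0-6.9 Medium, 7.0-8.9 High, 9.0-10.0 Critical."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score == 0.0:
        return "NONE"
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    if score < 9.0:
        return "HIGH"
    return "CRITICAL"


def cvss2_severity(score: float) -> str:
    """NVD's bands for CVSS v2 scores: 0-3.9 Low, 4.0-6.9 Medium, 7.0-10.0 High.
    v2 has no Critical tier, which is why a feed that mixes v2 and v3 scores can
    show a 10.0 labelled HIGH next to a 9.8 labelled CRITICAL."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score < 4.0:
        return "LOW"
    if score < 7.0:
        return "MEDIUM"
    return "HIGH"


SEVERITY_RANK = {"NONE": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def filter_feed(records: Iterable[CveRecord], min_severity: str = "LOW",
                kev_only: bool = False) -> List[CveRecord]:
    """Keep records at or above min_severity (derived from the score with the
    v3 bands, not from the feed's label) and, optionally, only KEV-listed ones."""
    floor = SEVERITY_RANK[min_severity.upper()]
    return [r for r in records
            if SEVERITY_RANK[cvss3_severity(r.cvss)] >= floor
            and (r.kev or not kev_only)]


_SORT_KEYS: Dict[str, Callable[[CveRecord], object]] = {
    "published": lambda r: (r.published, r.cvss),
    "modified": lambda r: (r.modified, r.cvss),
    # ties on score are broken by the newer publication date
    "cvss": lambda r: (r.cvss, r.published),
}


def sort_feed(records: Iterable[CveRecord], key: str = "published",
              descending: bool = True) -> List[CveRecord]:
    """Sort by one of the feed's three sort keys, newest/highest first."""
    if key not in _SORT_KEYS:
        raise ValueError(f"unknown sort key {key!r}; use one of {sorted(_SORT_KEYS)}")
    return sorted(records, key=_SORT_KEYS[key], reverse=descending)


def _rec(cve_id, cvss, published, modified="Apr. 20, 2025", kev=False):
    return CveRecord(cve_id, cvss, parse_feed_date(published),
                     parse_feed_date(modified), kev)


# Constructed from five of the entries on this page (ids, scores, dates and the
# KEV flag as listed there); the rest of the feed is omitted for brevity.
SAMPLE_FEED = [
    _rec("CVE-2017-5616", 6.1, "Mar. 03, 2017"),
    _rec("CVE-2017-5600", 9.8, "Feb. 02, 2017"),
    _rec("CVE-2017-5689", 10.0, "May. 02, 2017", kev=True),
    _rec("CVE-2017-5607", 3.5, "Apr. 10, 2017"),
    _rec("CVE-2017-5647", 7.5, "Apr. 17, 2017"),
]


if __name__ == "__main__":
    for r in sort_feed(filter_feed(SAMPLE_FEED, min_severity="HIGH"), key="cvss"):
        print(f"{r.cve_id}  {r.cvss:4.1f}  {cvss3_severity(r.cvss):8}  "
              f"published {r.published.isoformat()}  kev={r.kev}")
```

A 10.0 labelled HIGH next to a 9.8 labelled CRITICAL, as in the CVE-2017-5689 entry below, is what you get when a CVSS v2 score (which has no Critical tier) sits beside v3 scores; deriving the severity from the score rather than from the label keeps a severity filter consistent across both.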
  • CVE-2017-5616 (CVSS 6.1, MEDIUM)
    Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter....
    Affected Products : cgiecho cgiemail
    • Published: Mar. 03, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5600 (CVSS 9.8, CRITICAL)
    The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 allows remote attackers to obtain administrative access by leveraging a default privileged account....
    Affected Products : oncommand_insight
    • Published: Feb. 02, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5689 (CVSS 10.0, HIGH)
    An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features g...
    • Actively Exploited (CISA KEV)
    • Published: May. 02, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5607 (CVSS 3.5, LOW)
    Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.13.1, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3 and Splunk Light before 6.5.2 assigns the $C JS property to the global Window namespace...
    Affected Products : splunk
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5620 (CVSS 6.1, MEDIUM)
    An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1. Attachments are opened in a new tab instead of getting downloaded. This creates an attack vector of executing code in the domain of the application....
    Affected Products : zammad
    • Published: Mar. 13, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5610 (CVSS 5.3, MEDIUM)
    wp-admin/includes/class-wp-press-this.php in Press This in WordPress before 4.7.2 does not properly restrict visibility of a taxonomy-assignment user interface, which allows remote attackers to bypass intended access restrictions by reading terms....
    Affected Products : debian_linux wordpress
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5677 (CVSS 9.8, CRITICAL)
    PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection Vulnerability in the PHP Serializer. It allows remote code execution. In one viewpoint, the root cause is an incorrect regular expression....
    Affected Products : html_ajax
    • Published: Feb. 06, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5632 (CVSS 6.5, MEDIUM)
    An issue was discovered on the ASUS RT-N56U Wireless Router with Firmware 3.0.0.4.374_979. When executing an "nmap -O" command that specifies an IP address of an affected device, one can crash the device's WAN connection, causing disconnection from the In...
    Affected Products : rt-n56u_firmware rt-n56u
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5670 (CVSS 4.6, MEDIUM)
    Riverbed RiOS through 9.6.0 deletes the secure vault with the rm program (not shred or srm), which makes it easier for physically proximate attackers to obtain sensitive information by reading raw disk blocks....
    Affected Products : rios
    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5628 (CVSS 7.8, HIGH)
    An issue was discovered in Artifex Software, Inc. MuJS before 8f62ea10a0af68e56d5c00720523ebcba13c2e6a. The MakeDay function in jsdate.c does not validate the month, leading to an integer overflow when parsing a specially crafted JS file....
    Affected Products : mujs
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5662 (CVSS 7.9, HIGH)
    In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously formed SVG files. The file types that can be shown depend on the user context in which the exploitable applica...
    Affected Products : batik
    • Published: Apr. 18, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5633 (CVSS 8.5, HIGH)
    Multiple cross-site request forgery (CSRF) vulnerabilities on the D-Link DI-524 Wireless Router with firmware 9.01 allow remote attackers to (1) change the admin password, (2) reboot the device, or (3) possibly have unspecified other impact via crafted re...
    Affected Products : di-524 di-524_firmware
    • Published: Mar. 06, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5635 (CVSS 7.5, HIGH)
    In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user....
    Affected Products : nifi
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5653 (CVSS 5.3, MEDIUM)
    JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers....
    Affected Products : cxf
    • Published: Apr. 18, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5642 (CVSS 9.8, CRITICAL)
    During installation of Ambari 2.4.0 through 2.4.2, Ambari Server artifacts are not created with proper ACLs....
    Affected Products : ambari
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5717 (CVSS 7.8, HIGH)
    Type Confusion in Content Protection HECI Service in Intel Graphics Driver allows unprivileged user to elevate privileges via local access....
    Affected Products : graphics_driver
    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5649 (CVSS 7.5, HIGH)
    Apache Geode before 1.1.1, when a cluster has enabled security by setting the security-manager property, allows remote authenticated users with CLUSTER:READ but not DATA:READ permission to access the data browser page in Pulse and consequently execute an ...
    Affected Products : geode
    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5654 (CVSS 7.5, HIGH)
    In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes....
    Affected Products : ambari
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5663 (CVSS 8.8, HIGH)
    In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and 0.6.0-incubating, an authenticated user with client/loan/center/staff/group read permissions is able to inject malicious SQL into SELECT queries. The 'sqlSearch' parameter on a number of endpoints...
    Affected Products : fineract
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • CVE-2017-5647 (CVSS 7.5, HIGH)
    A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file process...
    Affected Products : tomcat
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

Showing 20 of 293618 Results