Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-17514

    boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates t... Read more

    Affected Products : debian_linux nip2
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17530

    common/help.c in Geomview 1.9.5 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: this is disputed by a t... Read more

    Affected Products : geomview
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-17553

    The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing implementation of the Intent URI scheme. This vulnerability could allow attackers to abuse this implementation through a malicious Intent URI, in order to invoke private Activities wi... Read more

    Affected Products : dolphin
    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17509

    In HDF5 1.10.1, there is an out of bounds write vulnerability in the function H5G__ent_decode_vec in H5Gcache.c in libhdf5.a. For example, h5dump would crash or possibly have unspecified other impact someone opens a crafted hdf5 file.... Read more

    Affected Products : hdf5
    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17533

    default.tcl in Tkabber 1.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a third party has indicated ... Read more

    Affected Products : tkabber
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17589

    FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php cat parameter or the browse-scategory.php sc parameter.... Read more

    Affected Products : thumbtack_clone
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17526

    Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.... Read more

    Affected Products : giac
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17535

    lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.... Read more

    Affected Products : gjots2
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17523

    lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --... Read more

    Affected Products : lilypond
    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-17537

    MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated remote attacker to cause a denial of service by connecting to TCP port 53 and sending data that begins with many '\0' characters, possibly related to DNS.... Read more

    Affected Products : routerboard routerboard
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17532

    examples/framework/news/news3.py in Kiwi 1.9.22 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.... Read more

    Affected Products : kiwi
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17610

    E-commerce MLM Software 1.0 has SQL Injection via the service_detail.php pid parameter, event_detail.php eventid parameter, or news_detail.php newid parameter.... Read more

    Affected Products : e-commerce_mlm_software
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17531

    gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.... Read more

    Affected Products : global
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17571

    FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords parameter.... Read more

    Affected Products : foodpanda_clone
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17529

    af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.... Read more

    Affected Products : abiword
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17591

    Realestate Crowdfunding Script 2.7.2 has SQL Injection via the single-cause.php pid parameter.... Read more

    Affected Products : realestate_crowdfunding_script
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-17554

    A NULL pointer dereference (DoS) Vulnerability was found in the function aubio_source_avcodec_readframe in io/source_avcodec.c of aubio 0.4.6, which may lead to DoS when playing a crafted audio file.... Read more

    Affected Products : aubio
    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17623

    Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.... Read more

    Affected Products : opensource_classified_ads_script
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17596

    Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the jobsearch_all.php rid1 parameter.... Read more

    Affected Products : entrepreneur_job_portal_script
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-17558

    The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows loc... Read more

    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294733 Results