Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-17913

    In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based buffer over-read in WriteWEBPImage in coders/webp.c, related to an incompatibility with libwebp versions, 0.5.0 and later, that use a different structure type.... Read more

    Affected Products : debian_linux graphicsmagick
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-17916

    SQL injection vulnerability in the 'find_by' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this meth... Read more

    Affected Products : rails ruby_on_rails
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-17924

    PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via the id parameter to admin/review_userwise.php.... Read more

    Affected Products : professional_service_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-17919

    SQL injection vulnerability in the 'order' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id desc' parameter. NOTE: The vendor disputes this issue because the documentation states that this met... Read more

    Affected Products : ruby_on_rails
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-17910

    On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet an... Read more

    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-17929

    PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.... Read more

    Affected Products : professional_service_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-17927

    PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.... Read more

    Affected Products : professional_service_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-17926

    PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.... Read more

    Affected Products : professional_service_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17973

    In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue... Read more

    Affected Products : libtiff
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-17917

    SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method i... Read more

    Affected Products : rails ruby_on_rails
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-17934

    ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.... Read more

    Affected Products : ubuntu_linux imagemagick
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-17920

    SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this meth... Read more

    Affected Products : ruby_on_rails
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17937

    Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.... Read more

    Affected Products : marketplace_digital_products_php
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17936

    Vanguard Marketplace Digital Products PHP has CSRF via /search.... Read more

    Affected Products : marketplace_digital_products_php
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-17967

    pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482.... Read more

    Affected Products : wps_office wps_office
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17954

    PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-17952

    PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.... Read more

    Affected Products : php_multivendor_ecommerce
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17951

    PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17958

    PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-17975

    Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio re... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294740 Results