Latest CVE Feed

CVE-2017-16894 (7.5 HIGH)
In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in s...
- Affected Products: laravel
- Published: Nov. 20, 2017
- Modified: Apr. 20, 2025

CVE-2017-16877 (7.5 HIGH)
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
- Published: Nov. 17, 2017
- Modified: Apr. 20, 2025

CVE-2017-16882 (7.8 HIGH)
Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a non-root account), which allows local users to gain pri...
- Affected Products: icinga
- Published: Nov. 18, 2017
- Modified: Apr. 20, 2025

CVE-2017-16893 (6.5 MEDIUM)
The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data fr...
- Affected Products: piwigo
- Published: Dec. 01, 2017
- Modified: Apr. 20, 2025

CVE-2017-16938 (7.8 HIGH)
A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a denial-of-service attack or other unspecified impact with a maliciously crafted GIF format file, related to an uncontrolled loop in the LZWReadByte function of the gifread.c file...
- Published: Nov. 24, 2017
- Modified: Apr. 20, 2025

CVE-2017-17027 (9.8 CRITICAL)
A buffer overflow vulnerability in FTP service in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
- Affected Products: qts
- Published: Dec. 21, 2017
- Modified: Apr. 20, 2025

CVE-2017-16895 (7.8 HIGH)
The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.
- Affected Products: arq
- Published: Dec. 01, 2017
- Modified: Apr. 20, 2025

CVE-2017-16904 (6.1 MEDIUM)
The Public tologin feature in admin.php in LvyeCMS through 3.1 allows XSS via a crafted username that is mishandled during later log viewing by an administrator.
- Affected Products: lvyecms
- Published: Nov. 20, 2017
- Modified: Apr. 20, 2025

CVE-2017-16921 (9.0 HIGH)
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands...
- Published: Dec. 08, 2017
- Modified: Apr. 20, 2025

CVE-2017-16892 (7.5 HIGH)
In Bftpd before 4.7, there is a memory leak in the file rename function.
- Affected Products: bftpd
- Published: Nov. 19, 2017
- Modified: Apr. 20, 2025

CVE-2017-16944 (7.5 HIGH)
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifyi...
- Published: Nov. 25, 2017
- Modified: Apr. 20, 2025

CVE-2017-16952 (5.5 MEDIUM)
KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service via a crafted NSV file.
- Affected Products: kmplayer
- Published: Nov. 28, 2017
- Modified: Apr. 20, 2025

CVE-2017-16899 (7.1 HIGH)
An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_te...
- Published: Nov. 20, 2017
- Modified: Apr. 20, 2025

CVE-2017-14560 (7.8 HIGH)
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x00000000000...
- Affected Products: stdu_viewer
- Published: Sep. 18, 2017
- Modified: Apr. 20, 2025

CVE-2017-14512 (9.8 CRITICAL)
NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.
- Affected Products: nexusphp
- Published: Sep. 17, 2017
- Modified: Apr. 20, 2025

CVE-2017-14550 (7.8 HIGH)
STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Possible Stack Corruption starting at STDUDjVuFile!DllUnregisterServer+0x000000000000e8b8."
- Affected Products: stdu_viewer
- Published: Sep. 18, 2017
- Modified: Apr. 20, 2025

CVE-2017-14558 (7.8 HIGH)
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x0000000000018cc2."
- Affected Products: stdu_viewer
- Published: Sep. 18, 2017
- Modified: Apr. 20, 2025

CVE-2017-14497 (7.8 HIGH)
The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other imp...
- Published: Sep. 15, 2017
- Modified: Apr. 20, 2025

CVE-2017-14539 (7.8 HIGH)
IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .svg file, related to "Data from Faulting Address controls Branch Selection starting at image00000000_00400000+0x000000000011d767....
- Affected Products: irfanview
- Published: Sep. 18, 2017
- Modified: Apr. 20, 2025

CVE-2017-14507 (9.8 CRITICAL)
Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timel...
- Affected Products: content_timeline
- Published: Sep. 29, 2017
- Modified: Apr. 20, 2025