Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-12900

    Several protocol parsers in tcpdump before 4.9.2 could cause a buffer over-read in util-print.c:tok2strbuf().... Read more

    Affected Products : tcpdump
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12927

    A cross-site scripting vulnerability exists in Cacti 1.1.17 in the method parameter in spikekill.php.... Read more

    Affected Products : cacti
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12976

    git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-10... Read more

    Affected Products : git-annex
    • Published: Aug. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-12911

    The "apetag.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a stack memory corruption when opening a crafted MP3 file.... Read more

    Affected Products : mp3gain
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-12928

    A hard-coded password of tecn0visi0n for the dlxuser account in TecnoVISION DLX Spot Player4 (all known versions) allows remote attackers to log in via SSH and escalate privileges to root access with the same credentials.... Read more

    Affected Products : dlx_spot_player4
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-12961

    There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.... Read more

    Affected Products : pspp
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12919

    Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows remote attackers to cause a denial of service via a crafted fpx image.... Read more

    Affected Products : libfpx
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12929

    Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 version >1.5.10 allows remote authenticated users to upload arbitrary files leading to Remote Command Execution.... Read more

    Affected Products : dlx_spot_player4
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-12912

    The "mpglibDBL/layer3.c" file in MP3Gain 1.5.2.r2 has a vulnerability which results in a read access violation when opening a crafted MP3 file.... Read more

    Affected Products : mp3gain
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12943

    D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.... Read more

    Affected Products : dir-600_b1_firmware dir-600_b1
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12957

    There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that is triggered in the Exiv2::Image::io function in image.cpp. It will lead to remote denial of service.... Read more

    Affected Products : exiv2
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12909

    SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the userid parameter.... Read more

    Affected Products : nexusphp
    • Published: Aug. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12939

    A Remote Code Execution vulnerability was identified in all Windows versions of Unity Editor, e.g., before 5.3.8p2, 5.4.x before 5.4.5p5, 5.5.x before 5.5.4p3, 5.6.x before 5.6.3p1, and 2017.x before 2017.1.0p4.... Read more

    Affected Products : windows unity_editor
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12935

    The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 mishandles large MNG images, leading to an invalid memory read in the SetImageColorCallBack function in magick/image.c.... Read more

    Affected Products : debian_linux graphicsmagick
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-12964

    There is a stack consumption issue in LibSass 3.4.5 that is triggered in the function Sass::Eval::operator() in eval.cpp. It will lead to a remote denial of service attack.... Read more

    Affected Products : libsass
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12930

    SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 version >1.5.10 allows remote unauthenticated users to access the web interface as administrator via a crafted password.... Read more

    Affected Products : dlx_spot_player4
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12948

    Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier for WordPress has XSS in the PATH_INFO to wp-admin/admin.php, related to PHP_SELF.... Read more

    Affected Products : pressforward
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-12963

    There is an illegal address access in Sass::Eval::operator() in eval.cpp of LibSass 3.4.5, leading to a remote denial of service attack. NOTE: this is similar to CVE-2017-11555 but remains exploitable after the vendor's CVE-2017-11555 fix (available from ... Read more

    Affected Products : libsass
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12953

    The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.... Read more

    Affected Products : libgig
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12981

    NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.... Read more

    Affected Products : nexusphp
    • Published: Aug. 21, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294842 Results