Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-13868

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intend... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Dec. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-13903

    An issue was discovered in certain Apple products. iOS before 11.2.1 is affected. tvOS before 11.2.1 is affected. The issue involves the "HomeKit" component. It allows remote attackers to modify the application state by leveraging incorrect message handli... Read more

    Affected Products : iphone_os tvos
    • Published: Dec. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-13861

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "IOSurface" component. It allows attackers to execute arbitrary code in a privileged conte... Read more

    Affected Products : iphone_os tvos watchos
    • Published: Dec. 25, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-13865

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to bypass intend... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Dec. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-13872

    An issue was discovered in certain Apple products. macOS High Sierra before Security Update 2017-001 is affected. The issue involves the "Directory Utility" component. It allows attackers to obtain administrator access without a password via certain inter... Read more

    Affected Products : mac_os_x mac_os_x
    • Published: Nov. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-13876

    An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. tvOS before 11.2 is affected. watchOS before 4.2 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbit... Read more

    Affected Products : mac_os_x iphone_os tvos watchos
    • Published: Dec. 25, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14050

    In BlackCat CMS 1.2, backend/addons/install.php allows remote authenticated users to execute arbitrary PHP code via a ZIP archive that contains a .php file.... Read more

    Affected Products : blackcat_cms
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14348

    LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.... Read more

    Affected Products : libraw
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-13999

    A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; t... Read more

    Affected Products : levi_studio_hmi_editor
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.4

    CRITICAL
    CVE-2017-14000

    An Improper Authentication issue was discovered in Ctek SkyRouter Series 4200 and 4400, all versions prior to V6.00.11. By accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to access the application without au... Read more

    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-13982

    A directory traversal vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows users to upload unrestricted files.... Read more

    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-13988

    An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'fol... Read more

    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-13984

    An authentication vulnerability in HPE BSM Platform Application Performance Management System Health product versions 9.26, 9.30 and 9.40, allows remote users to delete arbitrary files via servlet directory traversal.... Read more

    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-13991

    An information leakage vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows disclosure of product license features.... Read more

    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-14088

    Memory Corruption Privilege Escalation vulnerabilities in Trend Micro OfficeScan 11.0 and XG allows local attackers to execute arbitrary code and escalate privileges to resources normally reserved for the kernel on vulnerable installations by exploiting t... Read more

    Affected Products : officescan_xg officescan
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-14020

    In AutomationDirect CLICK Programming Software (Part Number C0-PGMSW) Versions 2.10 and prior; C-More Programming Software (Part Number EA9-PGMSW) Versions 6.30 and prior; C-More Micro (Part Number EA-PGMSW) Versions 4.20.01.0 and prior; Do-more Designer ... Read more

    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14034

    The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used in libbpg 0.9.7 and other products, miscalculates a memcpy destination address, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application... Read more

    Affected Products : libbpg
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-14139

    ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in coders/msl.c.... Read more

    Affected Products : imagemagick
    • Published: Sep. 04, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-14022

    An Improper Input Validation issue was discovered in Rockwell Automation FactoryTalk Alarms and Events, Version 2.90 and earlier. An unauthenticated attacker with remote access to a network with FactoryTalk Alarms and Events can send a specially crafted s... Read more

    Affected Products : factorytalk_alarms_and_events
    • Published: Dec. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14036

    CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS.... Read more

    Affected Products : crushftp
    • Published: Aug. 30, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294853 Results