Latest CVE Feed
- 7.8 HIGH CVE-2017-14424
  D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) and REV. B (with firmware through FW208WWb02) devices have 0666 /var/passwd permissions.
  - Published: Sep. 13, 2017
  - Modified: Apr. 20, 2025
- 7.8 HIGH CVE-2017-14548
  STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .djvu file, related to a "User Mode Write AV starting at STDUDjVuFile!DllUnregisterServer+0x000000000000854d."
  Affected Products: stdu_viewer
  - Published: Sep. 18, 2017
  - Modified: Apr. 20, 2025
- 7.8 HIGH CVE-2017-14564
  STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at STDUXPSFile!DllUnregisterServer+0x00000000000...
  Affected Products: stdu_viewer
  - Published: Sep. 18, 2017
  - Modified: Apr. 20, 2025
- 8.8 HIGH CVE-2017-14508
  An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before 7.8.2.2, and 7.9.x before 7.9.2.0 (and Sugar Community Edition 6.5.26). Several areas have been identified in the Documents and Emails module that could allow an authenticated user to perfor...
  Affected Products: sugarcrm
  - Published: Sep. 17, 2017
  - Modified: Apr. 20, 2025
- 7.5 HIGH CVE-2017-14502
  read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.
  Affected Products: libarchive
  - Published: Sep. 17, 2017
  - Modified: Apr. 20, 2025
- 7.8 HIGH CVE-2017-14538
  XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008823."
  - Published: Sep. 18, 2017
  - Modified: Apr. 20, 2025
- 4.9 MEDIUM CVE-2017-12077
  Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology Router Manager (SRM) before 1.1.4-6509 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.
  - Published: Aug. 28, 2017
  - Modified: Apr. 20, 2025
- 9.3 HIGH CVE-2017-11940
  The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Excha...
  - Published: Dec. 08, 2017
  - Modified: Apr. 20, 2025
- 5.4 MEDIUM CVE-2017-12066
  Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti before 1.1.16 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable. NOTE: this vu...
  Affected Products: cacti
  - Published: Aug. 01, 2017
  - Modified: Apr. 20, 2025
- 6.5 MEDIUM CVE-2017-12074
  Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.
  Affected Products: dns_server
  - Published: Aug. 24, 2017
  - Modified: Apr. 20, 2025
- 5.4 MEDIUM CVE-2017-12072
  Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.8.0-3456 allows remote authenticated users to inject arbitrary web scripts or HTML via the id parameter.
  Affected Products: photo_station
  - Published: Dec. 20, 2017
  - Modified: Apr. 20, 2025
- 9.8 CRITICAL CVE-2017-12085
  An exploitable routing vulnerability exists in the Circle with Disney cloud infrastructure. A specially crafted packet can make the Circle cloud route a packet to any arbitrary Circle device. An attacker needs network connectivity to the Internet to trigg...
  - Published: Nov. 07, 2017
  - Modified: Apr. 20, 2025
- 6.9 MEDIUM CVE-2017-12223
  A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 Integrated Services Router Software could allow an unauthenticated, local attacker to boot an unsigned Hypervisor on an affected device and compromise the integrity of the system. The vulnera...
  - Published: Sep. 07, 2017
  - Modified: Apr. 20, 2025
- 8.8 HIGH CVE-2017-12110
  An exploitable integer overflow vulnerability exists in the xls_appendSST function of libxls 1.4. A specially crafted XLS file can cause memory corruption resulting in remote code execution.
  Affected Products: libxls
  - Published: Nov. 20, 2017
  - Modified: Apr. 20, 2025
- 6.5 MEDIUM CVE-2017-12145
  In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file.
  Affected Products: libquicktime
  - Published: Aug. 02, 2017
  - Modified: Apr. 20, 2025
- 8.8 HIGH CVE-2017-12106
  A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. A specially crafted .TGA file can cause an out of bounds write resulting in potential code execution. An attacker can send a specific .TGA file to...
  Affected Products: photoline
  - Published: Oct. 05, 2017
  - Modified: Apr. 20, 2025
- 6.1 MEDIUM CVE-2017-12131
  The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens.
  Affected Products: easy_testimonials
  - Published: Aug. 01, 2017
  - Modified: Apr. 20, 2025
- 6.5 MEDIUM CVE-2017-12143
  In libquicktime 1.2.4, an allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file.
  Affected Products: libquicktime
  - Published: Aug. 02, 2017
  - Modified: Apr. 20, 2025
- 9.8 CRITICAL CVE-2017-12236
  A vulnerability in the implementation of the Locator/ID Separation Protocol (LISP) in Cisco IOS XE 3.2 through 16.5 could allow an unauthenticated, remote attacker using an x tunnel router to bypass authentication checks performed when registering an Endp...
  Affected Products: ios_xe
  - Published: Sep. 29, 2017
  - Modified: Apr. 20, 2025
- 4.3 MEDIUM CVE-2017-12157
  In Moodle 3.x, various course reports allow teachers to view details about users in the groups they can't access.
  Affected Products: moodle
  - Published: Sep. 18, 2017
  - Modified: Apr. 20, 2025