Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.7

    HIGH
    CVE-2017-12741

    Specially crafted packets sent to port 161/udp could cause a denial of service condition. The affected devices must be restarted manually.... Read more

    • Published: Dec. 26, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-12786

    Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when AC... Read more

    Affected Products : noviware
    • Published: Aug. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12809

    QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM Emulator support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) by flushing an empty CDROM device drive.... Read more

    Affected Products : debian_linux qemu
    • Published: Aug. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-12763

    An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authenticated users to gain privileges by gaining access to local files.... Read more

    Affected Products : linux_kernel mac_os_x nomachine
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12814

    Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.... Read more

    Affected Products : windows perl
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12792

    Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP 1.5 allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) linkname, (2) url, or (3) title param... Read more

    Affected Products : nexusphp
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-12892

    Foxit PDF Compressor installers from versions from 7.0.0.183 to 7.7.2.10 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.... Read more

    Affected Products : pdf_compressor
    • Published: Aug. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-12837

    Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the cas... Read more

    Affected Products : perl
    • Published: Sep. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12798

    Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q parameter to searchsuggest.php.... Read more

    Affected Products : nexusphp
    • Published: Aug. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-12817

    In Kaspersky Internet Security for Android 11.12.4.1622, some of the application trace files were not encrypted.... Read more

    Affected Products : internet_security
    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12800

    The EBML_FindNextElement function in ebmlmain.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.... Read more

    Affected Products : mkvalidator libebml2 mkclean
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-12823

    Kernel pool memory corruption in one of drivers in Kaspersky Embedded Systems Security version 1.2.0.300 leads to local privilege escalation.... Read more

    Affected Products : embedded_systems_security
    • Published: Dec. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12811

    PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.... Read more

    Affected Products : phpjabbers_star_rating_script
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12816

    In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities have weak permissions, which might be used by a malware application to get unauthorized access to the product functionality by using Android IPC.... Read more

    Affected Products : internet_security
    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12803

    The Node_ValidatePtr function in corec/corec/node/node.c in mkclean 0.8.9 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.... Read more

    Affected Products : mkclean
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12941

    libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the Unpack::Unpack20 function.... Read more

    Affected Products : unrar
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2017-12822

    Remote enabling and disabling admin interface in Gemalto's HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE version 7.55 leads to new attack vectors.... Read more

    Affected Products : sentinel_ldk_rte_firmware
    • Published: Oct. 04, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12856

    Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to index.php.... Read more

    Affected Products : c.p.sub
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-12870

    SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to n... Read more

    Affected Products : simplesamlphp
    • Published: Sep. 01, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12838

    Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows remote attackers to hijack the authentication of users for requests that (1) send manas via a request to mybonus.php or (2) add administrators via unspecified vectors.... Read more

    Affected Products : nexusphp
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294848 Results