Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-11507

    A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username para... Read more

    Affected Products : check_mk
    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11511

    The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file downloads due to improper restrictions of the pathname used in the filepath parameter for the download-file URL. An unauthenticated remote attacker can use this vulnerability to downloa... Read more

    Affected Products : servicedesk
    • Published: Nov. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11533

    When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WriteUILImage() function in coders/uil.c.... Read more

    Affected Products : imagemagick
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11516

    An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.... Read more

    Affected Products : yii
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11534

    When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the lite_font_map() function in coders/wmf.c.... Read more

    Affected Products : imagemagick
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11524

    The WriteBlob function in MagickCore/blob.c in ImageMagick before 6.9.8-10 and 7.x before 7.6.0-0 allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11535

    When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the WritePSImage() function in coders/ps.c.... Read more

    Affected Products : imagemagick
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11540

    When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a heap-based buffer over-read in the GetPixelIndex() function, called from the WritePICONImage function in coders/xpm.c.... Read more

    Affected Products : imagemagick
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11531

    When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteHISTOGRAMImage() function in coders/histogram.c.... Read more

    Affected Products : imagemagick
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11552

    mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decoder_run function in decoder.c in libmad) via a crafted MP3... Read more

    Affected Products : mad_libmad
    • Published: Aug. 01, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11539

    When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the ReadOnePNGImage() function in coders/png.c.... Read more

    Affected Products : imagemagick
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-11548

    The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 allows remote attackers to cause a denial of service (memory corruption) via a crafted MP3 file.... Read more

    Affected Products : libao
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11536

    When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to a Memory Leak in the WriteJP2Image() function in coders/jp2.c.... Read more

    Affected Products : imagemagick
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11562

    A Session Fixation Vulnerability exists in the MT4 Networks SenhaSegura Web Application 2.2.23.8 via login_if.php.... Read more

    Affected Products : senhasegura
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-11576

    FontForge 20161012 does not ensure a positive size in a weight vector memcpy call in readcfftopdict (parsettf.c) resulting in DoS via a crafted otf file.... Read more

    Affected Products : fontforge
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11553

    There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service.... Read more

    Affected Products : exiv2
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11772

    The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information discl... Read more

    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-11571

    FontForge 20161012 is vulnerable to a stack-based buffer overflow in addnibble (parsettf.c) resulting in DoS or code execution via a crafted otf file.... Read more

    Affected Products : fontforge
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11673

    Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a malformed PRE file, related to a "User Mode Write AV starting at reporter!madTraceProcess."... Read more

    Affected Products : web_vulnerability_scanner
    • Published: Jul. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-11568

    FontForge 20161012 is vulnerable to a heap-based buffer over-read in PSCharStringToSplines (psread.c) resulting in DoS or code execution via a crafted otf file.... Read more

    Affected Products : fontforge
    • Published: Jul. 23, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294863 Results