Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-11670

    A length validation (leading to out-of-bounds read and write) flaw was found in the way eapmd5pass 1.4 handled network traffic in the extract_eapusername function. A remote attacker could potentially use this flaw to crash the eapmd5pass process by genera... Read more

    Affected Products : eapmd5pass
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11722

    The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its ... Read more

    Affected Products : graphicsmagick
    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-11732

    A heap-based buffer overflow vulnerability was found in the function dcputs (called from decompileIMPLEMENTS) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.... Read more

    Affected Products : debian_linux ming
    • Published: Jul. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11648

    Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do not possess any protection against a CSRF vulnerability, as demonstrated by a goform/BasicSettings request to disable port filtering.... Read more

    Affected Products : tr_1803-3g_firmware tr_1803-3g
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11717

    MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stream, as demonstrated by the login/findpass page.... Read more

    Affected Products : metinfo
    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11668

    An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:134 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain... Read more

    Affected Products : eapmd5pass
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-11698

    Heap-based buffer overflow in the __get_page function in lib/dbm/src/h_page.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file.... Read more

    Affected Products : network_security_services
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11716

    MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode.... Read more

    Affected Products : metinfo
    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11744

    In MODX Revolution 2.5.7, the "key" and "name" parameters in the System Settings module are vulnerable to XSS. A malicious payload sent to connectors/index.php will be triggered by every user, when they visit this module.... Read more

    Affected Products : modx_revolution
    • Published: Jul. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2017-11693

    MEDHOST Document Management System contains hard-coded credentials that are used for customer database access. An attacker with knowledge of the hard-coded credentials and the ability to communicate directly with the database may be able to obtain or modi... Read more

    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-11756

    In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user... Read more

    Affected Products : ear_music
    • Published: Jul. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11788

    Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to... Read more

    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11704

    A heap-based buffer over-read was found in the function decompileIF in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.... Read more

    Affected Products : ming
    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11715

    job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php extension but not related extensions, which might allow remote authenticated admins to execute arbitrary PHP code by uploading a .phtml file after certain actions involving admin/system/saf... Read more

    Affected Products : metinfo
    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11721

    Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted packet.... Read more

    Affected Products : ioquake3
    • Published: Aug. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11751

    The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Jul. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-11812

    ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engi... Read more

    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11724

    The ReadMATImage function in coders/mat.c in ImageMagick through 6.9.9-3 and 7.x through 7.0.6-3 has memory leaks involving the quantum_info and clone_info data structures.... Read more

    Affected Products : imagemagick
    • Published: Jul. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14836

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The... Read more

    Affected Products : foxit_reader pdf_reader
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11718

    There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/login.php.... Read more

    Affected Products : metinfo
    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294860 Results