Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-11737

    interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page.... Read more

    Affected Products : rspamd
    • Published: Jul. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11723

    Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld parameter.... Read more

    Affected Products : xinha
    • Published: Jul. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-11783

    Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ... Read more

    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11726

    services/system_io/actionprocessor/System.rails in ConnectWise Manage 2017.5 is vulnerable to Cross-Site Request Forgery (CSRF), as demonstrated by changing an e-mail address setting.... Read more

    Affected Products : manage
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-11861

    Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memor... Read more

    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-11730

    A heap-based buffer over-read was found in the function OpCode (called from decompileINCR_DECR line 1474) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.... Read more

    Affected Products : ming
    • Published: Jul. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11736

    SQL injection vulnerability in core\admin\auto-modules\forms\process.php in BigTree 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via the tags array parameter.... Read more

    Affected Products : bigtree_cms
    • Published: Jul. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-11809

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scriptin... Read more

    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-11742

    The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in Expat 2.2.1 and 2.2.2 on Windows allows local users to gain privileges via a Trojan horse ADVAPI32.DLL in the current working directory because of an untrusted search path, aka DLL hi... Read more

    Affected Products : windows libexpat
    • Published: Jul. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-11796

    ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE I... Read more

    Affected Products : edge windows_10 chakracore
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-11847

    Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary co... Read more

    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11741

    HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.... Read more

    Affected Products : vagrant_vmware_fusion
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-11798

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11752

    The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 allows remote attackers to cause a denial of service (memory leak) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Jul. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11770

    .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handl... Read more

    Affected Products : aspnetcore
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-11748

    VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll, olepro32.dll, dsound.dll, or AUDIOSES.dll file.... Read more

    Affected Products : spider_player
    • Published: Jul. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-11804

    ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scriptin... Read more

    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11753

    The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file.... Read more

    Affected Products : imagemagick
    • Published: Jul. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-11765

    The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disc... Read more

    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-11775

    Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an attacker to exploit a cross-site scripting (XSS) vulnerability by sending a specially crafted request to an affected SharePoint server, due to how Sha... Read more

    Affected Products : sharepoint_enterprise_server
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294860 Results