Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2017-11914

    ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corrup... Read more

    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.2

    HIGH
    CVE-2017-12069

    An XXE vulnerability has been identified in OPC Foundation UA .NET Sample Code before 2017-03-21 and Local Discovery Server (LDS) before 1.03.367. Among the affected products are Siemens SIMATIC PCS7 (All versions V8.1 and earlier), SIMATIC WinCC (All ver... Read more

    • Published: Aug. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-11267

    Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EM... Read more

    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11287

    An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A reflected cross-site scripting vulnerability exists that can result in information disclosure.... Read more

    Affected Products : connect
    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11278

    Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : digital_editions
    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-11291

    An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A Server-Side Request Forgery (SSRF) vulnerability exists that could be abused to bypass network access controls.... Read more

    Affected Products : connect
    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11276

    Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : digital_editions
    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.3

    HIGH
    CVE-2017-10407

    Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.30. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure... Read more

    Affected Products : vm_virtualbox
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-10602

    A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X5... Read more

    Affected Products : junos
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.2

    HIGH
    CVE-2017-10414

    Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Checkout and Order Placement). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerabil... Read more

    Affected Products : istore
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-10421

    Vulnerability in the Oracle Hospitality Suite8 component of Oracle Hospitality Applications (subcomponent: Leisure). Supported versions that are affected are 8.10.1 and 8.10.2. Easily exploitable vulnerability allows low privileged attacker with network a... Read more

    Affected Products : hospitality_suite8
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-10427

    Vulnerability in the Oracle Retail Xstore Point of Service component of Oracle Retail Applications (subcomponent: Point of Sale). Supported versions that are affected are 6.0.11, 6.5.11, 7.0.6, 7.1.6 and 15.0.1. Difficult to exploit vulnerability allows u... Read more

    Affected Products : retail_xstore_point_of_service
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-10700

    In the medialibrary component in QNAP NAS 4.3.3.0229, an un-authenticated, remote attacker can execute arbitrary system commands as the root user of the NAS application.... Read more

    Affected Products : qts
    • Published: Sep. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-10737

    XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000002e6."... Read more

    Affected Products : xnview windows
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-10604

    When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in cluster mod... Read more

    Affected Products : junos srx
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-10681

    Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 allows remote attackers to hijack the authentication of users for requests to unlock albums via a crafted request.... Read more

    Affected Products : piwigo
    • Published: Jun. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-10603

    An XML injection vulnerability in Junos OS CLI can allow a locally authenticated user to elevate privileges and run arbitrary commands as the root user. This issue was found during internal product security testing. Affected releases are Juniper Networks ... Read more

    Affected Products : junos
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2017-10833

    "Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass access restriction to view information or modify configurations via unspecified vectors.... Read more

    Affected Products : scr02hd_firmware scr02hd
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-10845

    Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account.... Read more

    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 4.4

    MEDIUM
    CVE-2017-10606

    Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX3... Read more

    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294858 Results