Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2017-11351

    Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.... Read more

    Affected Products : mu553s_firmware mu553s
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-11251

    Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the JPEG 2000 parsing module. Successful exploitation could lead to arbi... Read more

    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11263

    Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the internal data structure manipulation related to document encoding. S... Read more

    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11395

    Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.... Read more

    Affected Products : smart_protection_server
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11279

    Adobe Digital Editions 4.5.4 and earlier has an exploitable use after free vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : digital_editions
    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-11358

    The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.... Read more

    Affected Products : debian_linux sound_exchange
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11277

    Adobe Digital Editions 4.5.4 and earlier has an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : digital_editions
    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.2

    HIGH
    CVE-2017-10409

    Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Merchant UI). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauth... Read more

    Affected Products : istore
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-10425

    Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications (subcomponent: Service Host). Supported versions that are affected are 2.6, 2.7, 2.8 and 2.9. Easily exploitable vulnerability allows low privileged attacker wit... Read more

    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-10405

    Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows unauthenticated attacker... Read more

    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-10771

    XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpC... Read more

    Affected Products : xnview windows
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1000160

    EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting resulting in PHP code injection... Read more

    Affected Products : expressionengine
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1000138

    Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross site scripting when dragging/dropping files into a collection if the file has Javascript code in its title.... Read more

    Affected Products : mahara
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-1000151

    Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before 16.04.3 are vulnerable to passwords or other sensitive information being passed by unusual parameters to end up in an error log.... Read more

    Affected Products : mahara
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1000146

    Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of Javascript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script th... Read more

    Affected Products : mahara
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-1000147

    Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before 15.04.3 are vulnerable to perform a cross-site request forgery (CSRF) attack on the uploader contained in Mahara's filebrowser widget. This could allow an attacker to trick a Mahara user into... Read more

    Affected Products : mahara
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-1000189

    nodejs ejs version older than 2.5.5 is vulnerable to a denial-of-service due to weak input validation in the ejs.renderFile()... Read more

    Affected Products : ejs
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-1000144

    Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some ... Read more

    Affected Products : mahara
    • Published: Nov. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1000164

    Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook resulting code execution and privilege escalation... Read more

    Affected Products : tine_2.0
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-1000169

    QuickerBB version <= 0.7.2 is vulnerable to arbitrary file writes which can lead to remote code execution. This can lead to the complete takeover of the server hosting QuickerBB.... Read more

    Affected Products : quickerbb
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294860 Results