Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

9.8

CRITICAL

CVE-2015-7705

The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests....

Affected Products : data_ontap oncommand_performance_manager oncommand_unified_manager ntp xenserver clustered_data_ontap simatic_cp_443-1_opc_ua_firmware tim_4r-ie_firmware tim_4r-ie_dnp3_firmware tim_4r-ie +1 more products
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
7.5

HIGH

CVE-2015-7704

The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service via a number of crafted "KOD" messages....

Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus data_ontap oncommand_performance_manager oncommand_unified_manager +6 more products
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
6.5

MEDIUM

CVE-2015-7702

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750....

Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus data_ontap oncommand_performance_manager oncommand_unified_manager +3 more products
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
7.5

HIGH

CVE-2015-7701

Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (memory consumption)....

Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus data_ontap oncommand_performance_manager oncommand_unified_manager +3 more products
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
7.5

HIGH

CVE-2015-7692

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750....

Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus data_ontap oncommand_performance_manager oncommand_unified_manager +3 more products
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
7.5

HIGH

CVE-2015-7691

The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted packets containing particular autokey operations. NOTE: This vulnerability exists due to an inc...

Affected Products : debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_aus enterprise_linux_server_eus enterprise_linux_server_tus data_ontap oncommand_performance_manager oncommand_unified_manager +3 more products
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
7.8

HIGH

CVE-2015-7571

Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension....

Affected Products : yeager_cms
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
7.8

HIGH

CVE-2015-5946

Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension....

Affected Products : sugarcrm suitecrm
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2015-5244

The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions....

Affected Products : mod_nss
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
8.8

HIGH

CVE-2014-9831

coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file....

Affected Products : imagemagick
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
8.8

HIGH

CVE-2014-9830

coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file....

Affected Products : imagemagick
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
8.8

HIGH

CVE-2014-9828

coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file....

Affected Products : imagemagick
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
8.8

HIGH

CVE-2014-9827

coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file....

Affected Products : imagemagick
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
7.5

HIGH

CVE-2014-3462

The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes"....

Affected Products : leap opensuse encfs
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
7.8

HIGH

CVE-2014-1235

Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: This vulnerability exists due to an incomplete fix for C...

Affected Products : graphviz
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
6.5

MEDIUM

CVE-2017-12654

The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file....

Affected Products : imagemagick
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
7.8

HIGH

CVE-2017-12653

360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory....

Affected Products : 360_total_security
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
8.8

HIGH

CVE-2017-12651

Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked....

Affected Products : loginizer
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2017-12650

SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header....

Affected Products : loginizer
Published: Aug. 07, 2017

Modified: Apr. 20, 2025
5.5

MEDIUM

CVE-2015-8621

t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally....

Affected Products : t-coffee
Published: Aug. 07, 2017

Modified: Apr. 20, 2025

Showing 20 of 294853 Results

Browse by Apps

Latest CVE Feed

9.8

7.5

6.5

7.5

7.5

7.5

7.8

7.8

9.8

8.8

8.8

8.8

8.8

7.5

7.8

6.5

7.8

8.8

9.8

5.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable