Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2017-12654

    The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 allows attackers to cause a denial of service (memory leak) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-12653

    360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege Escalation via a Trojan horse Shcore.dll file in any directory in the PATH, as demonstrated by the C:\Python27 directory.... Read more

    Affected Products : 360_total_security
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12651

    Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist IP Wizard in init.php in the Loginizer plugin before 1.3.6 for WordPress because the HTTP Referer header is not checked.... Read more

    Affected Products : loginizer
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12650

    SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.... Read more

    Affected Products : loginizer
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-8621

    t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally.... Read more

    Affected Products : t-coffee
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2015-7887

    NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups.... Read more

    Affected Products : snapcenter_server
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-7875

    ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page.... Read more

    Affected Products : ctools
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2015-7561

    Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users should they know the name of said image.... Read more

    Affected Products : openshift kubernetes
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-3839

    The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash).... Read more

    Affected Products : android
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2015-1555

    Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators.... Read more

    Affected Products : zend_framework
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-1378

    cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.... Read more

    Affected Products : grml-debootstrap
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.2

    HIGH
    CVE-2014-9262

    The Duplicator plugin in Wordpress before 0.5.10 allows remote authenticated users to create and download backup files.... Read more

    Affected Products : duplicator
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-9260

    The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.... Read more

    Affected Products : download_manager download_manager
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2011-5325

    Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.... Read more

    Affected Products : ubuntu_linux debian_linux busybox
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2009-5145

    Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12.... Read more

    Affected Products : zope
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12649

    XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or summary that is mishandled in the Web Content Display.... Read more

    Affected Products : liferay_portal
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12648

    XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL.... Read more

    Affected Products : liferay_portal
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12647

    XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base article title.... Read more

    Affected Products : liferay_portal
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12646

    XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, password, or e-mail address.... Read more

    Affected Products : liferay_portal
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12645

    XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid portletId.... Read more

    Affected Products : liferay_portal
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294858 Results