Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2016-7539

    Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.... Read more

    Affected Products : imagemagick
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8009

    The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered ... Read more

    Affected Products : mediawiki
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2015-7543

    aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory.... Read more

    Affected Products : kdelibs arts
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11499

    Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was constant across a given released version of Node.js. This ... Read more

    Affected Products : node.js
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8035

    An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A carefully crafted CAPI request from a Space Developer can allow... Read more

    Affected Products : cf-release capi-release
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8033

    An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions prior to v1.35.0 and cf-release versions prior to v268. A filesystem traversal vulnerability exists in the Cloud Controller that allows a space developer... Read more

    Affected Products : cf-release capi-release
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7541

    The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a craft... Read more

    Affected Products : linux_kernel
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2015-2280

    snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.... Read more

    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-2279

    cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac write_pid, write_... Read more

    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-1847

    Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 allows remote attackers to read normally inaccessible files via a .. (dot dot) in a crafted URL.... Read more

    Affected Products : appserver
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-1382

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create files using the default permissions instead of the customized permissions when custom startup scripts are used. A local attacker could exploit this to gain access to files with an unknow... Read more

    Affected Products : websphere_application_server
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1380

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials dis... Read more

    Affected Products : websphere_application_server
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1287

    IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL display... Read more

    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1249

    IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses... Read more

    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1245

    IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ... Read more

    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-8975

    IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses... Read more

    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-6118

    IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos... Read more

    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-9554

    An information exposure vulnerability in forget_passwd.cgi in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to enumerate valid usernames via unspecified vectors.... Read more

    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9553

    A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter.... Read more

    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8036

    An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release version 1.33.0 (only). The original fix for CVE-2017-8033 included in CAPI-release 1.33.0 introduces a regression that allows a space developer to execute arbitra... Read more

    Affected Products : capi-release
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294848 Results