Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2017-11467

    OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.... Read more

    Affected Products : orientdb
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-11466

    Arbitrary file upload vulnerability in com/dotmarketing/servlets/AjaxFileUploadServlet.class in dotCMS 4.1.1 allows remote authenticated administrators to upload .jsp files to arbitrary locations via directory traversal sequences in the fieldName paramete... Read more

    Affected Products : dotcms
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11465

    The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y.... Read more

    Affected Products : ruby
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-11464

    A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.... Read more

    Affected Products : librsvg
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-1309

    IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 125463.... Read more

    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-1224

    IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903.... Read more

    Affected Products : bigfix_platform
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1223

    IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL display... Read more

    Affected Products : bigfix_platform
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-1219

    IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 123859.... Read more

    Affected Products : bigfix_platform
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-1218

    IBM Tivoli Endpoint Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123858.... Read more

    Affected Products : bigfix_platform
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1203

    IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and Applications is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ... Read more

    Affected Products : bigfix_platform
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-6018

    IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error messages in certain features that could cause an attacker to gain additional information to conduct further attacks. IBM X-Force ID: 116738.... Read more

    Affected Products : emptoris_contract_management
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-7977

    The Screensavercc component in eLux RP before 5.5.0 allows attackers to bypass intended configuration restrictions and execute arbitrary commands with root privileges by inserting commands in a local configuration dialog in the control panel.... Read more

    Affected Products : elux
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6798

    In the XSS Protection API module before 1.0.12 in Apache Sling, the method XSS.getValidXML() uses an insecure SAX parser to validate the input string, which allows for XXE attacks in all scripts which use this method to validate user input, potentially al... Read more

    Affected Products : sling sling_i18n
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5394

    In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.encodeForJSString() method is not restrictive enough and for some input patterns allows script tags to pass through unencoded, leading to potential XSS vulnera... Read more

    Affected Products : sling sling_i18n
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-7509

    Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to inject arbitrary web script or HTML by attaching a crafted HTML file to a ticket.... Read more

    Affected Products : glpi
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2016-7507

    Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows remote authenticated attackers to submit a request that could lead to the creation of an admin account in the application.... Read more

    Affected Products : glpi
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9764

    Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows remote attackers to inject arbitrary web script or HTML via the Client-IP or X-Forwarded-For HTTP header to /include/stat/stat.php in a para action.... Read more

    Affected Products : metinfo
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11456

    Geneko GWR routers allow directory traversal sequences starting with a /../ substring, as demonstrated by unauthenticated read access to the configuration file.... Read more

    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11450

    coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.... Read more

    Affected Products : debian_linux imagemagick
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11449

    coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received... Read more

    Affected Products : imagemagick
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294836 Results