Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.9

    MEDIUM
    CVE-2017-11405

    In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a CMSContentManager action to admin/moduleinterface.php, followed by a FilePicker action to admin/moduleinterface.php in which type=image is changed to type=f... Read more

    Affected Products : cms_made_simple
    • Published: Jul. 18, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2017-11404

    In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators can upload a .php file via a FileManager action to admin/moduleinterface.php.... Read more

    Affected Products : cms_made_simple
    • Published: Jul. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11403

    The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has an out-of-order CloseBlob call, resulting in a use-after-free via a crafted file.... Read more

    Affected Products : graphicsmagick
    • Published: Jul. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9934

    Missing CSRF token checks and improper input validation in Joomla! CMS 1.7.3 through 3.7.2 lead to an XSS vulnerability.... Read more

    Affected Products : joomla\!
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9933

    Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents.... Read more

    Affected Products : joomla\!
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9813

    In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the scriptName parameter of the licenseKeyInfo action method is vulnerable to cross-site scripting (XSS).... Read more

    Affected Products : anti-virus_for_linux_server
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9812

    The reportId parameter of the getReportStatus action method can be abused in the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312) to read arbitrary files with kluser privileges.... Read more

    Affected Products : anti-virus_for_linux_server
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-9811

    The kluser is able to interact with the kav4fs-control binary in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). By abusing the quarantine read and write operations, it is possible to elevate the pr... Read more

    Affected Products : anti-virus_for_linux_server
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9810

    There are no Anti-CSRF tokens in any forms on the web interface in Kaspersky Anti-Virus for Linux File Server before Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312). This would allow an attacker to submit authenticated requests when an authenticated... Read more

    Affected Products : anti-virus_for_linux_server
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9671

    A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution, by crafting a malicious APKINDEX.tar.gz file with a bad pax header block.... Read more

    Affected Products : alpine_linux
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9669

    A heap overflow in apk (Alpine Linux's package manager) allows a remote attacker to cause a denial of service, or achieve code execution by crafting a malicious APKINDEX.tar.gz file.... Read more

    Affected Products : alpine_linux
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-9609

    Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the map_language parameter to backend/pages/lang_settings.php.... Read more

    Affected Products : blackcat_cms
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9340

    An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2.... Read more

    Affected Products : owncloud
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-9339

    A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.... Read more

    Affected Products : owncloud
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-9338

    Inadequate escaping lead to XSS vulnerability in the search module in ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2. To be exploitable a user has to write or paste malicious content into the search dialog... Read more

    Affected Products : owncloud
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8896

    ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before 9.1.6, and 10.0.x before 10.0.2 are vulnerable to XSS on error pages by injecting code in url parameters.... Read more

    Affected Products : owncloud
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-7947

    NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 before P5 allow attackers to obtain sensitive password information by leveraging logging of passwords entered non-interactively on the command line.... Read more

    Affected Products : clustered_data_ontap
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-6744

    The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to rel... Read more

    Affected Products : ios
    • Actively Exploited
    • Published: Jul. 17, 2017
    • Modified: Jul. 31, 2025

  • 9.0

    HIGH
    CVE-2017-6743

    The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE Software contains multiple vulnerabilities that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to rel... Read more

    Affected Products : ios_xe ios
    • Actively Exploited
    • Published: Jul. 17, 2017
    • Modified: Jul. 31, 2025

  • 9.0

    HIGH
    CVE-2017-6742

    A vulnerability in the SNMP implementation of could allow an authenticated, remote attacker to cause a reload of the affected system or to remotely execute code. An attacker could exploit this vulnerability by sending a crafted SNMP packet to the affected... Read more

    Affected Products : ios_xe ios
    • Actively Exploited
    • Published: Jul. 17, 2017
    • Modified: Jul. 31, 2025
Showing 20 of 294799 Results