Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2017-8004

    The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance and RSA IMG products (RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2, all patch levels; RSA Via Lifecycle and Governance version 7.0, all patch levels; RSA Identi... Read more

    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-8000

    In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA Security Console Administrator could craft a token profile and store the profile name in the RSA Authentication Manager database. The profile name could include a crafted script (with ... Read more

    Affected Products : rsa_authentication_manager
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9951

    The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a comparison between signed and unsigned int and triggers a heap-... Read more

    Affected Products : memcached
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9814

    cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call.... Read more

    Affected Products : leap cairo
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7688

    Apache OpenMeetings 1.0.0 updates user password in insecure manner.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-7685

    Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7684

    Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7683

    Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.2

    HIGH
    CVE-2017-7682

    Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation attacks, as a result attacker has access to restricted areas.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7681

    Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7680

    Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml file. This allows for flash content to be loaded from untrusted domains.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7673

    Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, captcha is not used in registration and forget password dialogs and auth forms missing brute force protection.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7666

    Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-7664

    Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7663

    Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.... Read more

    Affected Products : openmeetings
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-3103

    Adobe Connect versions 9.6.1 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to a stored cross-site scripting attack.... Read more

    Affected Products : connect
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-3102

    Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack.... Read more

    Affected Products : connect
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-3101

    Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack.... Read more

    Affected Products : connect
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-3100

    Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 2 BitmapData class. Successful exploitation could lead to memory address disclosure.... Read more

    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-3099

    Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable memory corruption vulnerability in the Action Script 3 raster data model. Successful exploitation could lead to arbitrary code execution.... Read more

    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294848 Results