Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-11165

    dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI.... Read more

    Affected Products : dt80_dex_firmware dt80_dex
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-11182

    In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the My Profile section. All input fields are vulnerable.... Read more

    Affected Products : rise_ultimate_project_manager
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-11181

    In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found in the Messaging section. Subject and Message fields are vulnerable.... Read more

    Affected Products : rise_ultimate_project_manager
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11180

    FineCMS through 2017-07-11 has stored XSS in the logging functionality, as demonstrated by an XSS payload in (1) the User-Agent header of an HTTP request or (2) the username entered on the login screen.... Read more

    Affected Products : finecms
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11179

    FineCMS through 2017-07-11 has stored XSS in route=admin when modifying user information, and in route=register when registering a user account.... Read more

    Affected Products : finecms
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11178

    In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example, this can be used to overwrite a .php file because the f... Read more

    Affected Products : finecms
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-11176

    The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly h... Read more

    Affected Products : linux_kernel debian_linux
    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8621

    Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".... Read more

    Affected Products : exchange_server
    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8619

    Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Scripting Engine Memory Corruption V... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8618

    Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 Internet Explorer in the way affected Microsoft scripting ... Read more

    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8617

    Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability."... Read more

    Affected Products : edge windows_10
    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8611

    Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability."... Read more

    Affected Products : edge windows_10
    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8610

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corrupti... Read more

    Affected Products : edge windows_10
    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8609

    Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memo... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8608

    Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the curren... Read more

    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8607

    Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of... Read more

    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8606

    Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of... Read more

    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8605

    Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microso... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8604

    Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edg... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-8603

    Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edg... Read more

    Affected Products : edge windows_10 windows_server_2016
    • Published: Jul. 11, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294848 Results