Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-7915

    An Improper Restriction of Excessive Authentication Attempts issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1... Read more

    • Published: May. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7913

    A Plaintext Storage of a Password issue was discovered in Moxa OnCell G3110-HSPA Version 1.3 build 15082117 and previous versions, OnCell G3110-HSDPA Version 1.2 Build 09123015 and previous versions, OnCell G3150-HSDPA Version 1.4 Build 11051315 and previ... Read more

    • Published: May. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9265

    In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing the group mod OpenFlow message sent from the controller in `lib/ofp-util.c` in the function `ofputil_pull_ofp15_group_mod`.... Read more

    Affected Products : openvswitch
    • Published: May. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9264

    In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) 2.6.1, there is a buffer over-read while parsing malformed TCP, UDP, and IPv6 packets in the functions `extract_l3_ipv6`, `extract_l4_tcp`, and `extract_l4_udp` that can be triggered ... Read more

    Affected Products : openvswitch
    • Published: May. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9263

    In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status message, there is a call to the abort() function for undefined role status reasons in the function `ofp_print_role_status_message` in `lib/ofp-print.c` that may be leveraged toward a remot... Read more

    Affected Products : openvswitch
    • Published: May. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9262

    In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: May. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9261

    In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c allows attackers to cause a denial of service (memory leak) via a crafted file.... Read more

    Affected Products : imagemagick
    • Published: May. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-10377

    In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list ... Read more

    Affected Products : openvswitch
    • Published: May. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9252

    andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action.... Read more

    Affected Products : finecms
    • Published: May. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9251

    andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php.... Read more

    Affected Products : finecms
    • Published: May. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9250

    The lexer_process_char_literal function in jerry-core/parser/js/js-lexer.c in JerryScript 1.0 does not skip memory allocation for empty strings, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) vi... Read more

    Affected Products : jerryscript
    • Published: May. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-9249

    Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows remote authenticated users to inject arbitrary web script or HTML persistently by uploading a crafted HTML file. The attack vector is the content of this file, and the filename must be spec... Read more

    Affected Products : allen_disk allendisk
    • Published: May. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9243

    Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point.... Read more

    • Published: May. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-9232

    Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.... Read more

    Affected Products : juju
    • Published: May. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7296

    An issue was discovered in Contiki Operating System 3.0. A Persistent XSS vulnerability is present in the MQTT/IBM Cloud Config page (aka mqtt.html) of cc26xx-web-demo. The cc26xx-web-demo features a webserver that runs on a constrained device. That parti... Read more

    Affected Products : contiki contiki-os
    • Published: May. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7295

    An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL poin... Read more

    Affected Products : contiki contiki-os
    • Published: May. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.5

    MEDIUM
    CVE-2016-10376

    Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.... Read more

    Affected Products : gajim
    • Published: May. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-9059

    picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely.... Read more

    Affected Products : picocom
    • Published: May. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9242

    The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted sy... Read more

    Affected Products : linux_kernel
    • Published: May. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7731

    A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.... Read more

    Affected Products : fortiportal
    • Published: May. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294319 Results