Latest CVE Feed
- 8.8 HIGH: CVE-2017-2305
  On Juniper Networks Junos Space versions prior to 16.1R1, due to an insufficient authorization check, readonly users on the Junos Space administrative web interface can create privileged users, allowing privilege escalation.
  - Affected Products: junos_space
  - Published: May. 30, 2017
  - Modified: Apr. 20, 2025
- 7.5 HIGH: CVE-2017-2304
  Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 devices running Junos OS 14.1X53 prior to 14.1X53-D40, 15.1X53 prior to 15.1X53-D40, 15.1 prior to 15.1R2, do not pad Ethernet packets with zeros, and thus some packets can contain fra...
  - Published: May. 30, 2017
  - Modified: Apr. 20, 2025
- 7.8 HIGH: CVE-2017-2303
  On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 ...
  - Published: May. 30, 2017
  - Modified: Apr. 20, 2025
- 7.8 HIGH: CVE-2017-2302
  On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D55, 12.1X47 prior to 12.1X47-D45, 12.3R13 prior to 12.3R13, 12.3X48 prior to 12.3X48-D35, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, 14.1X53 prior to 14.1X53-D40, 14.1X...
  - Published: May. 30, 2017
  - Modified: Apr. 20, 2025
- 7.8 HIGH: CVE-2017-2301
  On Juniper Networks products or platforms running Junos OS 11.4 prior to 11.4R13-S3, 12.1X46 prior to 12.1X46-D60, 12.3 prior to 12.3R12-S2 or 12.3R13, 12.3X48 prior to 12.3X48-D40, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8...
  - Published: May. 30, 2017
  - Modified: Apr. 20, 2025
- 7.5 HIGH: CVE-2017-2300
  On Juniper Networks SRX Series Services Gateways chassis clusters running Junos OS 12.1X46 prior to 12.1X46-D65, 12.3X48 prior to 12.3X48-D40, 12.3X48 prior to 12.3X48-D60, flowd daemon on the primary node of an SRX Series chassis cluster may crash and re...
  - Published: May. 30, 2017
  - Modified: Apr. 20, 2025
- 7.5 HIGH: CVE-2016-3083
  Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP connections (it supports both transport modes). While validating the server's certificate during the connection setup, the client in Apache Hive before 1.2.2 and 2.0.x before 2.0.1 doe...
  - Affected Products: hive
  - Published: May. 30, 2017
  - Modified: Apr. 20, 2025
- 6.1 MEDIUM: CVE-2017-9303
  Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.
  - Published: May. 29, 2017
  - Modified: Apr. 20, 2025
- 5.5 MEDIUM: CVE-2017-9302
  RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.
  - Affected Products: realplayer
  - Published: May. 29, 2017
  - Modified: Apr. 20, 2025
- 7.8 HIGH: CVE-2017-9301
  plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.
  - Affected Products: vlc_media_player
  - Published: May. 29, 2017
  - Modified: Apr. 20, 2025
- 7.8 HIGH: CVE-2017-9300
  plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
  - Affected Products: vlc_media_player
  - Published: May. 29, 2017
  - Modified: Apr. 20, 2025
- 6.1 MEDIUM: CVE-2017-9299
  Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. NOTE: this CVE may have limited relevance because it represents a 2017 discovery of an issue in software ...
  - Affected Products: otrs
  - Published: May. 29, 2017
  - Modified: Apr. 20, 2025
- 7.2 HIGH: CVE-2016-10379
  The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL injection by remote authenticated administrators via the virtuemart_paymentmethod_id or virtuemart_shipmentmethod_id parameter to administrator/index.php.
  - Affected Products: virtuemart
  - Published: May. 29, 2017
  - Modified: Apr. 20, 2025
- 7.2 HIGH: CVE-2016-10378
  e107 2.1.1 allows SQL injection by remote authenticated administrators via the pagelist parameter to e107_admin/menus.php, related to the menuSaveVisibility function.
  - Affected Products: e107
  - Published: May. 29, 2017
  - Modified: Apr. 20, 2025
- 5.4 MEDIUM: CVE-2017-9298
  Cross-site scripting vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to execute arbitrary JavaScript code.
  - Affected Products: device_manager
  - Published: May. 29, 2017
  - Modified: Apr. 20, 2025
- 6.1 MEDIUM: CVE-2017-9297
  Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to redirect users to arbitrary web sites.
  - Affected Products: device_manager
  - Published: May. 29, 2017
  - Modified: Apr. 20, 2025
- 6.1 MEDIUM: CVE-2017-9296
  Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Tuning Manager before 8.5.2-00 allows remote attackers to redirect authenticated users to arbitrary web sites.
  - Affected Products: device_manager
  - Published: May. 29, 2017
  - Modified: Apr. 20, 2025
- 6.5 MEDIUM: CVE-2017-9295
  XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi Replication Manager before 8.5.2-00 allows authenticated remote users to read arbitrary files.
  - Affected Products: device_manager
  - Published: May. 29, 2017
  - Modified: Apr. 20, 2025
- 9.8 CRITICAL: CVE-2017-9294
  RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.
  - Affected Products: device_manager
  - Published: May. 29, 2017
  - Modified: Apr. 20, 2025
- 6.1 MEDIUM: CVE-2017-9292
  Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug 542782.
  - Affected Products: lansweeper
  - Published: May. 29, 2017
  - Modified: Apr. 20, 2025