Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2017-4910

    VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple out-of-bounds read vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial of ...

    Affected Products : workstation horizon_view
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-4909

    VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain a heap buffer-overflow vulnerability in TrueType Font (TTF) parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial...

    Affected Products : workstation horizon_view
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-4908

    VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x prior to 4.4.0) contain multiple heap buffer-overflow vulnerabilities in JPEG2000 parser in the TPView.dll. On Workstation, this may allow a guest to execute code or perform a Denial o...

    Affected Products : workstation horizon_view
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-4907

    VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and Horizon View (7.x prior to 7.1.0, 6.x prior to 6.2.4) contain a heap buffer-overflow vulnerability which may allow a remote attacker to execute code on the security gateway....

    Affected Products : horizon_view unified_access_gateway
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025
  • 9.9

    CRITICAL
    CVE-2017-4901

    The drag-and-drop (DnD) function in VMware Workstation 12.x before version 12.5.4 and Fusion 8.x before version 8.5.5 has an out-of-bounds memory access vulnerability. This may allow a guest to execute code on the operating system that runs Workstation or...

    Affected Products : workstation fusion
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025
  • 7.3

    HIGH
    CVE-2017-7180

    Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, ...

    Affected Products : net_monitor_for_employees
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2015-7346

    SQL injection vulnerability in ZCMS 1.1....

    Affected Products : zcms
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2015-3295

    markdown-it before 4.1.0 does not block data: URLs....

    Affected Products : markdown-it
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2014-9310

    Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress....

    Affected Products : wordpress_backup_to_dropbox
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2016-4973

    Binaries compiled against targets that use the libssp library in GCC for stack smashing protection (SSP) might allow local users to perform buffer overflow attacks by leveraging lack of the Object Size Checking feature....

    Affected Products : libssp
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2015-8538

    dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV)....

    Affected Products : libdwarf
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2015-8235

    Directory traversal vulnerability in Spiffy before 5.4....

    Affected Products : spiffy
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2015-6959

    Cross-site scripting (XSS) vulnerability in Vindula 1.9....

    Affected Products : vindula
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2015-6540

    Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software....

    Affected Products : intellect_digital_core
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2015-6240

    The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack....

    Affected Products : ansible
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2015-5232

    Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197....

    Affected Products : opa-ff opa-fm
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2015-5175

    Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before 1.2.1 allow remote attackers to cause a denial of service....

    Affected Products : cxf_fediz
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 7.4

    HIGH
    CVE-2017-9355

    XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file....

    Affected Products : subsonic
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-7966

    A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL....

    Affected Products : somachine
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 7.3

    HIGH
    CVE-2017-7965

    A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller....

    Affected Products : somachine somachine_hvac
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025