Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-7694

    Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in... Read more

    Affected Products : symphony symphony_cms
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7691

    A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.... Read more

    Affected Products : trex
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-7689

    A Command Injection vulnerability in Schneider Electric homeLYnk Controller exists in all versions before 1.5.0.... Read more

    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.9

    HIGH
    CVE-2015-8666

    Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator.... Read more

    Affected Products : debian_linux qemu
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-8613

    Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO com... Read more

    Affected Products : debian_linux qemu
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-8568

    Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly.... Read more

    Affected Products : debian_linux qemu
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-8504

    Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client.... Read more

    Affected Products : debian_linux qemu
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-7893

    SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.... Read more

    Affected Products : galaxy_s6
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2014-9837

    coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file.... Read more

    Affected Products : imagemagick
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.2

    MEDIUM
    CVE-2014-8716

    The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to cause a denial of service (out-of-bounds memory access and crash).... Read more

    Affected Products : imagemagick
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2014-8562

    DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).... Read more

    Affected Products : imagemagick
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2014-8355

    PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).... Read more

    Affected Products : imagemagick
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2014-8354

    The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.... Read more

    Affected Products : imagemagick
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2013-6647

    A use-after-free in AnimationController::endAnimationUpdate in Google Chrome.... Read more

    Affected Products : chrome
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-6088

    Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) bp_name, (2) display, (3) search, or (4) equipment parameter to module/monitoring_ged/ged_func... Read more

    Affected Products : eyesofnetwork eonweb
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-5322

    The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tiff image.... Read more

    Affected Products : debian_linux libtiff
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2016-4989

    setroubleshoot allows local users to bypass an intended container protection mechanism and execute arbitrary commands by (1) triggering an SELinux denial with a crafted file name, which is handled by the _set_tpath function in audit_data.py or via a craft... Read more

    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2016-4446

    The allow_execstack plugin for setroubleshoot allows local users to execute arbitrary commands by triggering an execstack SELinux denial with a crafted filename, related to the commands.getoutput function.... Read more

    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2016-4445

    The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 allows local users to execute arbitrary commands as root by triggering an SELinux denial with a crafted file name, related to executing external commands with the commands.getstatusoutp... Read more

    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2016-4444

    The allow_execmod plugin for setroubleshoot before 3.2.23 allows local users to execute arbitrary commands by triggering an execmod SELinux denial with a crafted binary filename, related to the commands.getstatusoutput function.... Read more

    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293651 Results