Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2016-10145

    Off-by-one error in coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via vectors related to a string copy.... Read more

    Affected Products : imagemagick
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10144

    coders/ipl.c in ImageMagick allows remote attackers to have unspecific impact by leveraging a missing malloc check.... Read more

    Affected Products : imagemagick
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10133

    Heap-based buffer overflow in the js_stackoverflow function in jsrun.c in Artifex Software, Inc. MuJS allows attackers to have unspecified impact by leveraging an error when dropping extra arguments to lightweight functions.... Read more

    Affected Products : mujs
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10132

    regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to regular expression compilation.... Read more

    Affected Products : fedora mujs
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-10130

    The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to spoof servers by leveraging clobbering of the error variable.... Read more

    Affected Products : libgit2 libgit2
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10129

    The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via an empty packet line.... Read more

    Affected Products : libgit2 libgit2
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10128

    Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to have unspecified impact via a crafted non-flush packet.... Read more

    Affected Products : libgit2 libgit2
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6087

    EyesOfNetwork ("EON") 5.0 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the selected_events[] parameter in the (1) acknowledge, (2) delete, or (3) ownDisown function in module/monitoring_ged/ged_functi... Read more

    Affected Products : eonweb eonweb
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5869

    Directory traversal vulnerability in the file import feature in Nuxeo Platform 6.0, 7.1, 7.2, and 7.3 allows remote authenticated users to upload and execute arbitrary JSP code via a .. (dot dot) in the X-File-Name header.... Read more

    Affected Products : nuxeo
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-5644

    Apache POI in versions prior to release 3.15 allows remote attackers to cause a denial of service (CPU consumption) via a specially crafted OOXML file, aka an XML Entity Expansion (XEE) attack.... Read more

    Affected Products : poi
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10149

    XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier allows remote attackers to read arbitrary files via a crafted SAML XML request or response.... Read more

    Affected Products : debian_linux pysaml2
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2015-8678

    The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with softw... Read more

    Affected Products : mate_s_firmware p8_firmware p8 mate_s
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2015-8556

    Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.... Read more

    Affected Products : qemu
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6369

    Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 and 3.0.x before 3.0.2 allow remote authenticated users to execute code by using a 'system' entrypoint from fbudf.so.... Read more

    Affected Products : firebird firebird
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-6507

    An issue was discovered in AppArmor before 2.12. Incorrect handling of unknown AppArmor profiles in AppArmor init scripts, upstart jobs, and/or systemd unit files allows an attacker to possibly have increased attack surfaces of processes that were intende... Read more

    Affected Products : apparmor ubuntu_core ubuntu_touch
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5199

    The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 allows remote authenticated users to execute arbitrary code by editing /usr/local/contego/scripts/mgrconfig.pl.... Read more

    Affected Products : log_and_event_manager
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5198

    SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo configuration, which allows local users to obtain root access by editing /usr/local/contego/scripts/hostname.sh.... Read more

    Affected Products : log_and_event_manager
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7251

    A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The vulnerability exists due to insufficient filtration of user-supplied data (preview) passed to the "pi-develop/www/script/editor/markitup/preview/markdown.php" URL. An attacker could ex... Read more

    Affected Products : pi
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7250

    A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. The vulnerability exists due to insufficient filtration of user-supplied data (action) passed to the 'Gazelle-master/sections/tools/finances/bitcoin_balance.php' URL. An attacker co... Read more

    Affected Products : gazelle
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7249

    Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (action, userid) passed to the 'Gazelle-master/sections/tools/data/ocelot_info.php' URL. An at... Read more

    Affected Products : gazelle
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293612 Results