Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-7209

    The dump_section_as_bytes function in readelf in GNU Binutils 2.28 accesses a NULL pointer while reading section contents in a corrupt binary, leading to a program crash.... Read more

    Affected Products : binutils
    • Published: Mar. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-7208

    The decode_residual function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.... Read more

    Affected Products : libav
    • Published: Mar. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7207

    The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document.... Read more

    Affected Products : ghostscript
    • Published: Mar. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-7206

    The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows remote attackers to cause a denial of service (heap-based buffer over-read) or obtain sensitive information from process memory via a crafted h264 video file.... Read more

    Affected Products : libav
    • Published: Mar. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7205

    A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. The vulnerability exists due to insufficient filtration of user-supplied data (a) passed to the "GamePanelX-V3-master/ajax/ajax.php" URL. An attacker could execute arbitrary HTML and scr... Read more

    Affected Products : gamepanelx-v3
    • Published: Mar. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7204

    A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. The vulnerability exists due to insufficient filtration of user-supplied data (name) passed to the "imdbphp-master/demo/search.php" URL. An attacker could execute arbitrary HTML and script code... Read more

    Affected Products : imdbphp
    • Published: Mar. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7203

    A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. The vulnerability exists due to insufficient filtration of user-supplied data (postLoginQuery) passed to the "ZoneMinder-master/web/skins/classic/views/js/postlogin.js.php" URL. An a... Read more

    Affected Products : zoneminder
    • Published: Mar. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7202

    Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and 's... Read more

    Affected Products : slims7_cendana
    • Published: Mar. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-7200

    An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'... Read more

    Affected Products : glance glance
    • Published: Mar. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-9939

    ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow when printing bad bytes in Intel Hex objects.... Read more

    Affected Products : binutils
    • Published: Mar. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-4931

    XML entity injection in Junos Space before 15.2R2 allows attackers to cause a denial of service.... Read more

    Affected Products : junos_space junos_space
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-4930

    Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions.... Read more

    Affected Products : junos_space junos_space
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2016-4929

    Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user.... Read more

    Affected Products : junos_space junos_space
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4928

    Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space.... Read more

    Affected Products : junos_space junos_space
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-4927

    Insufficient validation of SSH keys in Junos Space before 15.2R2 allows man-in-the-middle (MITM) type of attacks while a Space device is communicating with managed devices.... Read more

    Affected Products : junos_space junos_space
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-4926

    Insufficient authentication vulnerability in Junos Space before 15.2R2 allows remote network based users with access to Junos Space web interface to perform certain administrative tasks without authentication.... Read more

    Affected Products : junos_space junos_space
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-6816

    The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permi... Read more

    Affected Products : tomcat
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6839

    Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.... Read more

    Affected Products : audiofile
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6838

    Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via a crafted file.... Read more

    Affected Products : audiofile
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6837

    WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote attackers to cause a denial of service (crash) via vectors related to a large number of coefficients.... Read more

    Affected Products : audiofile
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293609 Results