Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-6311

    gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message.... Read more

    Affected Products : fedora gdk-pixbuf
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5872

    The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to cause a denial of service (network connectivity disruptio... Read more

    Affected Products : clearpath_mcp
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-2330

    Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies.... Read more

    Affected Products : webkitgtk
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6465

    Remote Code Execution was discovered in FTPShell Client 6.53. By default, the client sends a PWD command to the FTP server it is connecting to; however, it doesn't check the response's length, leading to a buffer overflow situation.... Read more

    Affected Products : ftpshell_client
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-4960

    An issue was discovered in Cloud Foundry release v247 through v252, UAA stand-alone release v3.9.0 through v3.11.0, and UAA Bosh Release v21 through v26. There is a potential to subject the UAA OAuth clients to a denial of service attack.... Read more

    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6797

    A cross-site scripting (XSS) vulnerability in bug_change_status_page.php in MantisBT before 1.3.7 and 2.x before 2.2.1 allows remote attackers to inject arbitrary JavaScript via the 'action_type' parameter.... Read more

    Affected Products : mantisbt
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6591

    There is a cross-site scripting vulnerability in django-epiceditor 0.2.3 via crafted content in a form field.... Read more

    Affected Products : django-epiceditor
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.9

    MEDIUM
    CVE-2017-6590

    An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary comman... Read more

    Affected Products : ubuntu_linux
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6589

    EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document.... Read more

    Affected Products : epiceditor
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6529

    An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.... Read more

    Affected Products : dnalims
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-6528

    An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).... Read more

    Affected Products : dnalims
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-6527

    An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID p... Read more

    Affected Products : dnalims
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-6526

    An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).... Read more

    Affected Products : dnalims
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-6432

    An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injectio... Read more

    Affected Products : nvr_firmware dhi-hcvr7216a-s3
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-6578

    A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: subscriber_email.... Read more

    Affected Products : mail-masta
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-6577

    A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id.... Read more

    Affected Products : mail-masta
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-6576

    A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/campaign/campaign-delete.php with the GET Parameter: id.... Read more

    Affected Products : mail-masta
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-6575

    A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: member_id.... Read more

    Affected Products : mail-masta
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-6574

    A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit_member.php with the GET Parameter: filter_list.... Read more

    Affected Products : mail-masta
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-6573

    A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/lists/edit-list.php with the GET Parameter: id.... Read more

    Affected Products : mail-masta
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293544 Results