Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-11128 1 Bolt 1 Bolt Cms 2017-07-19 3.5 LOW 5.4 MEDIUM
Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry.
CVE-2017-11127 1 Bolt 1 Bolt Cms 2017-07-19 3.5 LOW 5.4 MEDIUM
Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header.
CVE-2017-1000062 1 Kitto Project 1 Kitto 2017-07-19 5.0 MEDIUM 7.5 HIGH
kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution
CVE-2017-1000054 1 Rocketchat 1 Rocket.chat 2017-07-19 4.3 MEDIUM 6.1 MEDIUM
Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the markdown link parsing code for messages.
CVE-2017-1000039 1 Framasoft 1 Framadate 2017-07-19 7.5 HIGH 9.8 CRITICAL
Framadate version 1.0 is vulnerable to Formula Injection in the CSV Export resulting possible Information Disclosure and Code Execution
CVE-2017-1000044 1 Gnome 1 Gtk-vnc 2017-07-19 7.5 HIGH 9.8 CRITICAL
gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating framebuffer which may lead to memory corruption when rendering
CVE-2017-1000075 1 Creolabs 1 Gravity 2017-07-19 7.5 HIGH 9.8 CRITICAL
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function
CVE-2017-1000063 1 Kitto Project 1 Kitto 2017-07-19 4.3 MEDIUM 6.1 MEDIUM
kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 page resulting in information disclosure
CVE-2017-1000064 1 Kitto Project 1 Kitto 2017-07-19 5.0 MEDIUM 7.5 HIGH
kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS
CVE-2017-1000073 1 Creolabs 1 Gravity 2017-07-19 7.5 HIGH 9.8 CRITICAL
Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution.
CVE-2017-1000074 1 Creolabs 1 Gravity 2017-07-19 7.5 HIGH 9.8 CRITICAL
Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function.
CVE-2017-10929 1 Radare 1 Radare2 2017-07-19 6.8 MEDIUM 7.8 HIGH
The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file, possibly related to a read overflow in the grub_disk_read_small_real function in kern/disk.c in GNU GRUB 2.02.
CVE-2017-1000032 1 Cacti 1 Cacti 2017-07-19 4.3 MEDIUM 6.1 MEDIUM
Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow remote attackers to inject arbitrary web script or HTML via the parent_id parameter to tree.php and drp_action parameter to data_sources.php.
CVE-2017-7664 1 Apache 1 Openmeetings 2017-07-19 7.5 HIGH 10.0 CRITICAL
Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.
CVE-2017-7663 1 Apache 1 Openmeetings 2017-07-19 4.3 MEDIUM 6.1 MEDIUM
Both global and Room chat are vulnerable to XSS attack in Apache OpenMeetings 3.2.0.
CVE-2017-7666 1 Apache 1 Openmeetings 2017-07-19 6.8 MEDIUM 8.8 HIGH
Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.
CVE-2017-7681 1 Apache 1 Openmeetings 2017-07-19 6.5 MEDIUM 8.8 HIGH
Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows authenticated users to modify the structure of the existing query and leak the structure of other queries being made by the application in the back-end.
CVE-2017-7683 1 Apache 1 Openmeetings 2017-07-19 5.0 MEDIUM 7.5 HIGH
Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.
CVE-2017-1000031 1 Cacti 1 Cacti 2017-07-19 6.5 MEDIUM 8.8 HIGH
SQL injection vulnerability in graph_templates_inputs.php in Cacti 0.8.8b allows remote attackers to execute arbitrary SQL commands via the graph_template_input_id and graph_template_id parameters.
CVE-2017-3102 1 Adobe 1 Connect 2017-07-19 4.3 MEDIUM 6.1 MEDIUM
Adobe Connect versions 9.6.1 and earlier have a reflected cross-site scripting vulnerability. Successful exploitation could lead to a reflected cross-site scripting attack.