Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2017-8051

    Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.... Read more

    Affected Products : appliance
    • EPSS Score: %53.06
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-7921

    An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 160530, DS-2CD2xx0F-I Series V5.2.0 build 140721 to V5.4.0 Build 160401, DS-2CD2xx2FWD Series V5.3.1 build 150410 to V5.4.4 Build 161125,... Read more

    • EPSS Score: %94.14
    • Published: May. 06, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-6211

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the processing of a downlink supplementary services message, a buffer overflow can occur.... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-5821

    A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P04 was found.... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %47.52
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-5814

    A remote sql injection authentication bypass in HPE Network Automation version 9.1x, 9.2x, 10.0x, 10.1x and 10.2x were found.... Read more

    Affected Products : network_automation
    • EPSS Score: %37.13
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-5807

    A Remote Arbitrary Code Execution vulnerability in HPE Data Protector version prior to 8.17 and 9.09 was found.... Read more

    Affected Products : data_protector
    • EPSS Score: %46.96
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-5791

    The doFilter method in UrlAccessController in HPE Intelligent Management Center (iMC) PLAT 7.2 E0403P06 allows remote bypass of authentication via unspecified strings in a URI.... Read more

    • EPSS Score: %64.34
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-5226

    When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox.... Read more

    Affected Products : bubblewrap
    • EPSS Score: %10.38
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-4918

    VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains a command injection vulnerability in the service startup script. Successful exploitation of this issue may allow unprivileged users to escalate their privileges to root on the Mac OSX s... Read more

    Affected Products : horizon_view
    • EPSS Score: %3.01
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-3792

    A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. The vulnerabi... Read more

    • EPSS Score: %1.99
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-2973

    Adobe Digital Editions versions 4.5.3 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : digital_editions
    • EPSS Score: %16.60
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-2343

    The Integrated User Firewall (UserFW) feature was introduced in Junos OS version 12.1X47-D10 on the Juniper SRX Series devices to provide simple integration of user profiles on top of the existing firewall polices. As part of an internal security review o... Read more

    Affected Products : junos srx100 srx110 srx210 srx220 srx240 srx550 srx650 srx1400 srx3400 +4 more products
    • EPSS Score: %3.10
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-17560

    An issue was discovered on Western Digital MyCloud PR4100 2.30.172 devices. The web administration component, /web/jquery/uploader/multi_uploadify.php, provides multipart upload functionality that is accessible without authentication and can be used to pl... Read more

    • EPSS Score: %83.38
    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-16638

    The Gentoo net-misc/vde package before version 2.3.2-r4 may allow members of the "qemu" group to gain root privileges by creating a hard link in a directory on which "chown" is called recursively by the OpenRC service script.... Read more

    Affected Products : vde
    • EPSS Score: %0.25
    • Published: Nov. 06, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-15548

    An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, 7.4.x, 7.5.0; EMC NetWorker Virtual Edition (NVE) 9.0.x, 9.1.x, 9.2.x; and EMC Integrated Data Protection Appliance 2.0. A remote unauthenticated malicious user can potentially bypass appli... Read more

    • EPSS Score: %0.23
    • Published: Jan. 05, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-15376

    The TELNET service in Mobatek MobaXterm 10.4 does not require authentication, which allows remote attackers to execute arbitrary commands via TCP port 23.... Read more

    Affected Products : mobaxterm
    • EPSS Score: %4.39
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2022-35698

    Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored Cross-site Scripting vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execu... Read more

    • EPSS Score: %5.93
    • Published: Oct. 14, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-12557

    A Remote Code Execution vulnerability in HPE intelligent Management Center (iMC) PLAT version IMC Plat 7.3 E0504P2 and earlier was found.... Read more

    Affected Products : intelligent_management_center
    • EPSS Score: %86.67
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2024-30224

    Deserialization of Untrusted Data vulnerability in Wholesale Team WholesaleX.This issue affects WholesaleX: from n/a through 1.3.2. ... Read more

    Affected Products : wholesalex
    • Published: Mar. 28, 2024
    • Modified: Apr. 08, 2025

  • 10.0

    HIGH
    CVE-2017-12240

    The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also ... Read more

    • Actively Exploited
    • EPSS Score: %19.96
    • Published: Sep. 29, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291419 Results