Latest CVE Feed
-
3.9
LOW CVE-2017-9635
Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schne...
- Affected Products : ampla_manufacturing_execution_system
- Published: May. 18, 2018
- Modified: Nov. 21, 2024
-
10.0
HIGH CVE-2017-9634
Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and s...
- Affected Products : e-designer
- Published: Apr. 17, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2017-9626
Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication.
- Published: Mar. 27, 2019
- Modified: Nov. 21, 2024
-
5.5
MEDIUM CVE-2017-9513
Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues th...
- Affected Products : activity_streams
- Published: Jan. 29, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2017-9453
BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.
- Affected Products : server_automation
- Published: Sep. 05, 2023
- Modified: Nov. 21, 2024
-
7.5
HIGH CVE-2017-9447
In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker cou...
- Affected Products : remote_application_server
- Published: Feb. 28, 2018
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2017-9426
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.
- Affected Products : facetag
- Published: Feb. 26, 2018
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2017-9425
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.
- Affected Products : facetag
- Published: Feb. 26, 2018
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2017-9421
Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.
- Affected Products : kiteworks
- Published: May. 24, 2018
- Modified: Nov. 21, 2024
-
8.8
HIGH CVE-2017-9414
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have...
- Affected Products : subsonic
- Published: Feb. 05, 2018
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-9392
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "reque...
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-9391
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "reque...
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024
-
6.1
MEDIUM CVE-2017-9390
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One o...
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-9389
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device allows a user to install applications written in the ...
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-9388
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as proxy.sh which...
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024
-
5.4
MEDIUM CVE-2017-9387
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the device so that the device connects to Vera servers. All the parameters passe...
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024
-
6.5
MEDIUM CVE-2017-9386
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "get_file.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter i...
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024
-
9.8
CRITICAL CVE-2017-9385
An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the use...
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024
-
9.0
HIGH CVE-2017-9384
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device firmware file contains a file known as relay.sh which...
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024
-
9.9
CRITICAL CVE-2017-9383
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "wget"...
- Published: Jun. 17, 2019
- Modified: Nov. 21, 2024