Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.1

    CRITICAL
    CVE-2017-9656

    The backend database of the Philips DoseWise Portal application versions 1.1.7.333 and 2.1.1.3069 uses hard-coded credentials for a database account with privileges that can affect confidentiality, integrity, and availability of the database. For an attac... Read more

    Affected Products : dosewise
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-9654

    The Philips DoseWise Portal web-based application versions 1.1.7.333 and 2.1.1.3069 stores login credentials in clear text within backend system files. CVSS v3 base score: 6.5, CVSS vector string: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.... Read more

    Affected Products : dosewise
    • Published: Apr. 24, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-9641

    PI Coresight 2016 R2 contains a cross-site request forgery vulnerability that may allow access to the PI system. OSIsoft recommends that users upgrade to PI Vision 2017 or greater to mitigate this vulnerability.... Read more

    Affected Products : pi_coresight
    • Published: May. 25, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-9638

    Mitsubishi E-Designer, Version 7.52 Build 344 contains six code sections which may be exploited to overwrite the stack. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.... Read more

    Affected Products : e-designer
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 4.1

    MEDIUM
    CVE-2017-9637

    Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection str... Read more

    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-9636

    Mitsubishi E-Designer, Version 7.52 Build 344 contains five code sections which may be exploited to overwrite the heap. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.... Read more

    Affected Products : e-designer
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2017-9635

    Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schne... Read more

    • Published: May. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-9634

    Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and s... Read more

    Affected Products : e-designer
    • Published: Apr. 17, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-9626

    Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access. Marel has created an update for Pluto-based applications. This update will restrict remote access by implementing SSH authentication.... Read more

    Affected Products : pluto1203 pluto2
    • Published: Mar. 27, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-9513

    Several rest inline action resources of Atlassian Activity Streams before version 6.3.0 allows remote authenticated attackers to watch any Confluence page & receive notifications when comments are added to the watched page, and vote & watch JIRA issues th... Read more

    Affected Products : activity_streams
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-9453

    BMC Server Automation before 8.9.01 patch 1 allows Process Spawner command execution because of authentication bypass.... Read more

    Affected Products : server_automation
    • Published: Sep. 05, 2023
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-9447

    In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. A remote, unauthenticated attacker cou... Read more

    Affected Products : remote_application_server
    • Published: Feb. 28, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-9426

    ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.... Read more

    Affected Products : facetag
    • Published: Feb. 26, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-9425

    The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.... Read more

    Affected Products : facetag
    • Published: Feb. 26, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-9421

    Authentication Bypass vulnerability in Accellion kiteworks before 2017.01.00 allows remote attackers to execute certain API calls on behalf of a web user using a gathered token via a POST request to /oauth/token.... Read more

    Affected Products : kiteworks
    • Published: May. 24, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-9414

    Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have... Read more

    Affected Products : subsonic
    • Published: Feb. 05, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-9392

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "reque... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-9391

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "reque... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-9390

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called connect.sh which is supposed to return a specific cookie for the user when the user is authenticated to https://home.getvera.com. One o... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-9389

    An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a web user interface that allows a user to manage the device. As a part of the functionality the device allows a user to install applications written in the ... Read more

    • Published: Jun. 17, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293510 Results