Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.0

    MEDIUM
    CVE-2017-18382

    cPanel before 68.0.15 allows use of an unreserved e-mail address in DNS zone SOA records (SEC-306).... Read more

    Affected Products : cpanel
    • Published: Aug. 02, 2019
    • Modified: Nov. 21, 2024

  • 7.2

    HIGH
    CVE-2017-18381

    The installation process in Open edX before 2017-01-10 exposes a MongoDB instance to external connections with default credentials.... Read more

    Affected Products : edx-platform
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18380

    edx-platform before 2017-08-03 allows attackers to trigger password-reset e-mail messages in which the reset link has an attacker-controlled domain name.... Read more

    Affected Products : edx-platform
    • Published: Jul. 30, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18379

    In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c.... Read more

    Affected Products : linux_kernel
    • Published: Jul. 27, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18378

    In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.... Read more

    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-18377

    An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI.... Read more

    • Published: Jun. 11, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18376

    An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala.... Read more

    Affected Products : thehive
    • Published: Jun. 02, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18375

    Ampache 3.8.3 allows PHP Object Instantiation via democratic.ajax.php and democratic.class.php.... Read more

    Affected Products : ampache
    • Published: May. 24, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-18374

    The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has two user accounts with default passwords, including a hardcoded service account with the username true and password true. These accounts can be used to... Read more

    • Published: May. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-18373

    The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username user... Read more

    Affected Products : 5200w-t_firmware 5200w-t
    • Published: May. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-18372

    The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the tools_time.asp page and... Read more

    • Published: May. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18371

    The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has three user accounts with default passwords, including two hardcoded service accounts: one with the username true and password true, and another with the username supervisor ... Read more

    • Published: May. 02, 2019
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-18370

    The ZyXEL P660HN-T1A v2 TCLinux Fw #7.3.37.6 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is only accessible by an authenticated user. The vulnerability is in the logSet.asp pag... Read more

    • Published: May. 02, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2017-18369

    The Billion 5200W-T 1.02b.rc5.dt49 router distributed by TrueOnline has a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user. The vulnerability is in the adv_remotelog.asp page and ... Read more

    Affected Products : 5200w-t_firmware 5200w-t
    • Published: May. 02, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18367

    libseccomp-golang 0.9.0 and earlier incorrectly generates BPFs that OR multiple arguments rather than ANDing them. A process running under a restrictive seccomp filter that specified multiple syscall arguments could bypass intended access restrictions by ... Read more

    Affected Products : libseccomp-golang
    • Published: Apr. 24, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18366

    Subrion CMS 4.1.5 has CSRF in blog/delete/.... Read more

    Affected Products : subrion subrion_cms
    • Published: Apr. 15, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18365

    The Management Console in GitHub Enterprise 2.8.x before 2.8.7 has a deserialization issue that allows unauthenticated remote attackers to execute arbitrary code. This occurs because the enterprise session secret is always the same, and can be found in th... Read more

    Affected Products : github
    • Published: Mar. 28, 2019
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2017-18364

    phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter.... Read more

    Affected Products : phpfk
    • Published: Mar. 27, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18361

    In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.... Read more

    Affected Products : colander
    • Published: Feb. 01, 2019
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2017-18360

    In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.... Read more

    Affected Products : linux_kernel ubuntu_linux
    • Published: Jan. 31, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 292795 Results