Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-18643

    An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. There is information disclosure of the kbase_context address of a GPU memory node. The Samsung ID is SVE-2017-8907 (December 2017).... Read more

    Affected Products : android
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-18642

    Syska Smart Bulb devices through 2017-08-06 receive RGB parameters over cleartext Bluetooth Low Energy (BLE), leading to sniffing, reverse engineering, and replay attacks.... Read more

    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-18641

    In LXC 2.0, many template scripts download code over cleartext HTTP, and omit a digital-signature check, before running it to bootstrap containers.... Read more

    Affected Products : lxc
    • Published: Feb. 10, 2020
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18640

    The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.... Read more

    • Published: Dec. 12, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18639

    Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : Page Title, /Content/News Parameter : News Title, /Content/List Parameter : List Title, /Content/Documents/LibraryDocuments/incident-request-attachments Parameter : Document Title, /Con... Read more

    Affected Products : sitefinity sitefinity_cms
    • Published: Nov. 06, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18638

    send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request i... Read more

    Affected Products : graphite
    • Published: Oct. 11, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-18636

    CDG through 2017-01-01 allows downloadDocument.jsp?command=download&pathAndName= directory traversal.... Read more

    Affected Products : cdg
    • Published: Sep. 30, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18635

    An XSS vulnerability was discovered in noVNC before 0.6.2 in which the remote VNC server could inject arbitrary HTML into the noVNC web page via the messages propagated to the status field, such as the VNC server name.... Read more

    • Published: Sep. 25, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18634

    The newspaper theme before 6.7.2 for WordPress has script injection via td_ads[header] to admin-ajax.php.... Read more

    Affected Products : newspaper
    • Published: Sep. 16, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18615

    The kama-clic-counter plugin before 3.5.0 for WordPress has XSS.... Read more

    Affected Products : kama_click_counter
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 9.3

    HIGH
    CVE-2017-18614

    The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter.... Read more

    Affected Products : kama_click_counter
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18613

    The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter.... Read more

    Affected Products : trust_form
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18612

    The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter.... Read more

    Affected Products : wp-whois-domain
    • Published: Sep. 13, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18611

    The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter.... Read more

    Affected Products : magic_fields
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18610

    The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter.... Read more

    Affected Products : magic_fields
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18609

    The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter.... Read more

    Affected Products : magic_fields
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18608

    The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues.... Read more

    Affected Products : spot.im_comments
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-18607

    The avada theme before 5.1.5 for WordPress has CSRF.... Read more

    Affected Products : avada
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-18606

    The avada theme before 5.1.5 for WordPress has stored XSS.... Read more

    Affected Products : avada
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-18605

    The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection.... Read more

    Affected Products : gravitate_qa_tracker
    • Published: Sep. 10, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 293329 Results