Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-13073

    Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo Station versions 5.2.7, 5.4.3, and their earlier versions could allow remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : photo_station
    • EPSS Score: %0.25
    • Published: Apr. 23, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-13072

    Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject Javascript code.... Read more

    Affected Products : qts
    • EPSS Score: %0.27
    • Published: Jun. 21, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-12945

    Insufficient validation of user-supplied input for the Solstice Pod before 2.8.4 networking configuration enables authenticated attackers to execute arbitrary commands as root.... Read more

    Affected Products : solstice_firmware solstice
    • EPSS Score: %26.36
    • Published: Nov. 27, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-12885

    OX Software GmbH App Suite 7.8.4 and earlier is affected by: Cross Site Scripting (XSS).... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.45
    • Published: May. 10, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12884

    OX Software GmbH App Suite 7.8.4 and earlier is affected by: Information Exposure.... Read more

    Affected Products : open-xchange_appsuite
    • EPSS Score: %0.39
    • Published: May. 10, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12842

    Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevan... Read more

    Affected Products : bitcoin_core
    • EPSS Score: %1.93
    • Published: Mar. 16, 2020
    • Modified: Nov. 21, 2024

  • 8.3

    HIGH
    CVE-2017-12839

    A heap-based buffer over-read in the getbits function in src/libmpg123/getbits.h in mpg123 through 1.25.5 allows remote attackers to cause a possible denial-of-service (out-of-bounds read) or possibly have unspecified other impact via a crafted mp3 file.... Read more

    Affected Products : mpg123
    • EPSS Score: %0.64
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2017-12815

    Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet 52790 and earlier revealed that it is vulnerable to a path traversal vulnerability. The archive can be downloaded from a given Bomgar Remote Support Portal deployment at https://domain/api/... Read more

    Affected Products : remote_support
    • EPSS Score: %0.52
    • Published: Mar. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12806

    In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function format8BIM, which allows attackers to cause a denial of service.... Read more

    Affected Products : imagemagick
    • EPSS Score: %0.16
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12805

    In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in the function ReadTIFFImage, which allows attackers to cause a denial of service.... Read more

    Affected Products : imagemagick
    • EPSS Score: %0.16
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-12804

    The iwgif_init_screen function in imagew-gif.c:510 in ImageWorsener 1.3.2 allows remote attackers to cause a denial of service (hmemory exhaustion) via a crafted file.... Read more

    Affected Products : imageworsener
    • EPSS Score: %0.42
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12795

    OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: (Improper Input Validation).... Read more

    Affected Products : openmrs-module-htmlformentry
    • EPSS Score: %0.87
    • Published: May. 10, 2019
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-12790

    Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/index.php. The attack vector is: The administrator clicks on the malicious link in the login state.... Read more

    Affected Products : metinfo
    • EPSS Score: %0.16
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-12789

    Metinfo 5.3.18 is affected by: Cross Site Request Forgery (CSRF). The impact is: Information Disclosure (remote). The component is: admin/interface/online/delete.php. The attack vector is: The administrator clicks on the malicious link in the login state.... Read more

    Affected Products : metinfo
    • EPSS Score: %0.14
    • Published: May. 10, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-12788

    Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in Metinfo 5.3.18 allows remote attackers to inject arbitrary web script or HTML via the (1) class1 parameter or the (2) anyid parameter.... Read more

    Affected Products : metinfo
    • EPSS Score: %0.22
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2017-12778

    The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\<username>\Roaming\q... Read more

    Affected Products : qbittorrent
    • EPSS Score: %0.09
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2017-12761

    http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecan... Read more

    Affected Products : webfile_explorer
    • EPSS Score: %1.66
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2017-12760

    Ynet Interactive - http://demo.ynetinteractive.com/mobiketa/ Mobiketa 4.0 is affected by: SQL Injection. The impact is: Code execution (remote).... Read more

    Affected Products : mobiketa
    • EPSS Score: %0.36
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12759

    Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).... Read more

    Affected Products : soa_school_management
    • EPSS Score: %0.84
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-12758

    https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.... Read more

    Affected Products : component_appointment
    • EPSS Score: %0.63
    • Published: May. 09, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291712 Results