Latest CVE Feed

The following is the list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (listed in the CISA KEV catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2017-11650

    Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp....

    Affected Products: vigorap_910c_firmware vigorap_910c
    • EPSS Score: 0.22%
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-11649

    Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to hijack the authentication of unspecified users for requests that enable SNMP on the remote device via vectors in...

    Affected Products: vigorap_910c_firmware vigorap_910c
    • EPSS Score: 0.14%
    • Published: Mar. 07, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-11635

    An issue was discovered on Wireless IP Camera 360 devices. Attackers can read recordings by navigating to /mnt/idea0 or /mnt/idea1 on the SD memory card....

    Affected Products: wireless_ip_camera_360
    • EPSS Score: 0.32%
    • Published: Feb. 26, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-11634

    An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover a weakly encoded admin password by connecting to TCP port 9527 and reading the password field of the debugging information, e.g., nTBCS19C corresponds to a password o...

    Affected Products: wireless_ip_camera_360
    • EPSS Score: 2.59%
    • Published: Feb. 26, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-11633

    An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field....

    Affected Products: wireless_ip_camera_360
    • EPSS Score: 0.33%
    • Published: Feb. 26, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-11632

    An issue was discovered on Wireless IP Camera 360 devices. A root account with a known SHA-512 password hash exists, which makes it easier for remote attackers to obtain administrative access via a TELNET session....

    Affected Products: wireless_ip_camera_360
    • EPSS Score: 2.59%
    • Published: Feb. 26, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2017-11580

    Blipcare Wifi blood pressure monitor BP700 10.1 devices allow memory corruption that results in Denial of Service. When connected to the "Blip" open wireless connection provided by the device, if a large string is sent as a part of the HTTP request in any...

    • EPSS Score: 0.50%
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 7.1

    HIGH
    CVE-2017-11579

    In the most recent firmware for Blipcare, the device provides an open Wireless network called "Blip" for communicating with the device. The user connects to this open Wireless network and uses the web management interface of the device to provide the user...

    • EPSS Score: 0.76%
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 5.9

    MEDIUM
    CVE-2017-11578

    It was discovered as a part of the research on IoT devices in the most recent firmware for Blipcare device that the device allows to connect to web management interface on a non-SSL connection using plain text HTTP protocol. The user uses the web manageme...

    • EPSS Score: 1.41%
    • Published: Jul. 02, 2019
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2017-11564

    The D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has multiple command injection vulnerabilities in the web service framework. An attacker can forge malicious HTTP requests to execute commands; authentication is required before executing the attack....

    • EPSS Score: 2.97%
    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024
  • 10.0

    HIGH
    CVE-2017-11563

    D-Link EyeOn Baby Monitor (DCS-825L) 1.08.1 has a remote code execution vulnerability. A UDP "Discover" service, which provides multiple functions such as changing the passwords and getting basic information, was installed on the device. A remote attacker...

    • EPSS Score: 15.67%
    • Published: Aug. 24, 2018
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2017-11561

    An issue was discovered in ZOHO ManageEngine OpManager 12.2. An authenticated user can upload any file they want to share in the "Group Chat" or "Alarm" section. This functionality can be abused by a malicious user by uploading a web shell....

    Affected Products: manageengine_opmanager
    • EPSS Score: 0.82%
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-11560

    An issue was discovered in ZOHO ManageEngine OpManager 12.2. By adding a Google Map to the application, an authenticated user can upload an HTML file. This HTML file is then rendered in various locations of the application. JavaScript inside the uploaded ...

    Affected Products: manageengine_opmanager
    • EPSS Score: 1.78%
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-11559

    An issue was discovered in ZOHO ManageEngine OpManager 12.2. The 'apiKey' parameter of "/api/json/admin/getmailserversettings" and "/api/json/dashboard/gotoverviewlist" is vulnerable to a Blind SQL Injection attack....

    Affected Products: manageengine_opmanager
    • EPSS Score: 7.93%
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024
  • 5.3

    MEDIUM
    CVE-2017-11557

    An issue was discovered in ZOHO ManageEngine Applications Manager 12.3. It is possible for an unauthenticated user to view the list of domain names and usernames used in a company's network environment via a userconfiguration.do?method=editUser request....

    Affected Products: manageengine_applications_manager
    • EPSS Score: 1.12%
    • Published: May. 23, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-11510

    An information leak exists in Wanscam's HW0021 network camera that allows an unauthenticated remote attacker to recover the administrator username and password via an ONVIF GetSnapshotUri request....

    Affected Products: hw0021_firmware hw0021
    • EPSS Score: 1.00%
    • Published: Mar. 28, 2018
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2017-11509

    An authenticated remote attacker can execute arbitrary code in Firebird SQL Server versions 2.5.7 and 3.0.2 by executing a malformed SQL statement....

    Affected Products: debian_linux firebird
    • EPSS Score: 11.58%
    • Published: Mar. 28, 2018
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-11430

    OmniAuth OmnitAuth-SAML 1.9.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing ...

    Affected Products: omnitauth-saml omniauth_saml
    • EPSS Score: 0.69%
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-11429

    Clever saml2-js 2.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack...

    Affected Products: saml2-js
    • EPSS Score: 0.43%
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-11428

    OneLogin Ruby-SAML 1.6.0 and earlier may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the a...

    Affected Products: ruby-saml
    • EPSS Score: 0.44%
    • Published: Apr. 17, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291616 Results