Latest CVE Feed

The following is a list of the most recently published vulnerabilities. The list can be filtered by vulnerability severity, by whether the vulnerability is actively exploited (listed in the CISA KEV catalog), and by whether it is remotely exploitable. It can also be sorted by published date, last-updated date, or CVSS score.
  • CVE-2017-1000491 (CVSS 6.1, MEDIUM)

    Shiba markdown live preview app version 1.1.0 is vulnerable to XSS, which leads to code execution because node integration is enabled....

    Affected products: shiba
    • EPSS score: 0.37%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000490 (CVSS 6.5, MEDIUM)

    Mautic versions 1.0.0 - 2.11.0 allow any authorized Mautic user session (must be logged into Mautic) to use the Filemanager to download any file from the server that the web user has access to....

    Affected products: mautic mautic
    • EPSS score: 0.34%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000489 (CVSS 8.1, HIGH)

    Mautic versions 2.0.0 - 2.11.0 with an SSO plugin installed could allow a disabled user to still log in using an email address...

    Affected products: mautic mautic
    • EPSS score: 0.27%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000488 (CVSS 6.1, MEDIUM)

    Mautic versions 2.1.0 - 2.11.0 are vulnerable to an inline JavaScript XSS attack when Mautic forms on a Mautic landing page use GET parameters to pre-populate the form....

    Affected products: mautic mautic
    • EPSS score: 0.24%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000487 (CVSS 9.8, CRITICAL)

    Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double-quoted strings....

    Affected products: debian_linux plexus-utils plexus-utils
    • EPSS score: 13.17%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000485 (CVSS 7.8, HIGH)

    Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, which allows local users to obtain sensitive authentication information via standard filesystem operations....

    Affected products: nylas_mail
    • EPSS score: 0.04%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000484 (CVSS 6.1, MEDIUM)

    By linking to a specific URL in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attac...

    Affected products: plone
    • EPSS score: 0.20%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000483 (CVSS 6.5, MEDIUM)

    Accessing private content via str.format in through-the-web templates and scripts in Plone 2.5-5.1rc1. This improves an earlier hotfix. Since the format method was introduced in Python 2.6, this part of the hotfix is only relevant for Plone 4 and 5....

    Affected products: plone
    • EPSS score: 0.29%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000482 (CVSS 5.4, MEDIUM)

    A member of a Plone 2.5-5.1rc1 site could set JavaScript in the home_page property of his profile and have it executed when a visitor clicks the home page link on the author page....

    Affected products: plone
    • EPSS score: 0.29%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000481 (CVSS 6.1, MEDIUM)

    When you visit a page where you need to log in, Plone 2.5-5.1rc1 sends you to the login form with a 'came_from' parameter set to the previous URL. After you log in, you get redirected to the page you tried to view before. An attacker might try to abuse this...

    Affected products: plone
    • EPSS score: 0.20%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000480 (CVSS 9.8, CRITICAL)

    Smarty 3 before 3.1.32 is vulnerable to PHP code injection when calling the fetch() or display() functions on custom resources that do not sanitize the template name....

    Affected products: smarty
    • EPSS score: 0.86%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000479 (CVSS 8.8, HIGH)

    pfSense versions 2.4.1 and lower are vulnerable to clickjacking attacks in the CSRF error page, resulting in privileged execution of arbitrary code, because the error detection occurs before an X-Frame-Options header is set. This is fixed in 2.4.2-RELEASE....

    Affected products: pfsense opnsense
    • EPSS score: 18.99%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000478 (CVSS 5.4, MEDIUM)

    ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component, resulting in arbitrary execution of JavaScript and denial of service....

    Affected products: elabftw
    • EPSS score: 0.32%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000477 (CVSS 7.5, HIGH)

    XMLBundle version 0.1.7 is vulnerable to XXE attacks, which can result in denial of service....

    Affected products: xmlbundle
    • EPSS score: 0.30%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000476 (CVSS 7.1, HIGH)

    In ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in the function ReadDDSInfo in coders/dds.c, which allows attackers to cause a denial of service....

    Affected products: ubuntu_linux debian_linux imagemagick
    • EPSS score: 0.63%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000475 (CVSS 7.8, HIGH)

    FreeSSHd version 1.3.1 is vulnerable to an unquoted service path, allowing local users to launch processes with elevated privileges....

    Affected products: freesshd
    • EPSS score: 0.41%
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000474 (CVSS 9.8, CRITICAL)

    Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts, resulting in the exposure of user's...

    Affected products: vehicle_sales_management_system
    • EPSS score: 2.59%
    • Published: Jan. 24, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000473 (CVSS 7.8, HIGH)

    Linux Dash up to version v2 is vulnerable to multiple command injection vulnerabilities in the way module names are parsed and then executed, resulting in code execution on the server, potentially as root....

    Affected products: linux-dash
    • EPSS score: 0.32%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000472 (CVSS 6.5, MEDIUM)

    The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO C++ Libraries before 1.8 does not properly restrict the filename value in the ZIP header, which allows attackers to conduct absolute path traversal attacks during the ZIP decompression...

    Affected products: debian_linux poco
    • EPSS score: 0.47%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024
  • CVE-2017-1000471 (CVSS 9.8, CRITICAL)

    EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler, resulting in memory corruption or denial of service....

    Affected products: goahead
    • EPSS score: 0.28%
    • Published: Jan. 03, 2018
    • Modified: Nov. 21, 2024