Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-14802

    Novell Access Manager Admin Console and IDP servers before 4.3.3 have a URL that could be used by remote attackers to trigger unvalidated redirects to third party sites.... Read more

    Affected Products : access_manager
    • EPSS Score: %0.21
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14801

    Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed attackers to reflect back xss into the called page using the url parameter.... Read more

    Affected Products : access_manager
    • EPSS Score: %0.18
    • Published: Mar. 02, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14800

    A reflected cross site scripting attack in the NetIQ Access Manager before 4.3.3 using the "typecontainerid" parameter of the policy editor could allowed code injection into pages of authenticated users.... Read more

    Affected Products : access_manager
    • EPSS Score: %0.20
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14799

    A cross site scripting attack in handling the ESP login parameter handling in NetIQ Access Manager before 4.3.3 could be used to inject javascript code into the login page.... Read more

    Affected Products : access_manager
    • EPSS Score: %0.18
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2017-14798

    A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.... Read more

    • EPSS Score: %0.19
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14742

    Buffer overflow in LabF nfsAxe FTP client 3.7 allows an attacker to execute code remotely.... Read more

    Affected Products : nfsaxe
    • EPSS Score: %1.00
    • Published: Oct. 25, 2019
    • Modified: Nov. 21, 2024

  • 4.8

    MEDIUM
    CVE-2017-14740

    Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows remote authenticated users to inject arbitrary web script or HTML via the Menu ID when adding a menu.... Read more

    Affected Products : genixcms
    • EPSS Score: %0.17
    • Published: Apr. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14728

    An authentication bypass was found in an unknown area of the SiteOmat source code. All SiteOmat BOS versions are affected, prior to the submission of this exploit. Also, the SiteOmat does not force administrators to switch passwords, leaving SSH and HTTP ... Read more

    Affected Products : siteomat
    • EPSS Score: %10.78
    • Published: Jun. 03, 2019
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-14710

    The Shein Group Ltd. "SHEIN - Fashion Shopping" app -- aka shein fashion-shopping/id878577184 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a ... Read more

    Affected Products : shein-fashion_shopping_online
    • EPSS Score: %0.13
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024

  • 7.4

    HIGH
    CVE-2017-14709

    The komoot GmbH "Komoot - Cycling & Hiking Maps" app before 9.3.2 -- aka komoot-cycling-hiking-maps/id447374873 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive ... Read more

    Affected Products : komoot
    • EPSS Score: %0.12
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-14699

    Multiple XML external entity (XXE) vulnerabilities in the AiCloud feature on ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and ... Read more

    • EPSS Score: %0.32
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2017-14698

    ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, DSL-AC56U, DSL-N10_C1, DSL-N12U C1, DSL-N12E C1, DSL-N14U, DSL-N14U-B1, DSL-N16, DSL-N16U, DSL-N17U, DSL-N66U, and DSL-AC750 routers allow remote attackers to change passwords of arbitrary use... Read more

    • EPSS Score: %0.45
    • Published: Jan. 29, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2017-14612

    "Shpock Boot Sale & Classifieds" app before 3.17.0 -- aka shpock-boot-sale-classifieds/id557153158 -- for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information v... Read more

    Affected Products : shpock
    • EPSS Score: %0.13
    • Published: Jul. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.1

    CRITICAL
    CVE-2017-14611

    SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote attackers to read arbitrary files or send TCP traffic to intranet hosts via the url parameter, related to use of the discontinued aheinze/fetch_url_contents component.... Read more

    Affected Products : cockpit
    • EPSS Score: %0.31
    • Published: Apr. 10, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2017-14594

    The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query para... Read more

    Affected Products : jira jira_server
    • EPSS Score: %0.22
    • Published: Jan. 12, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-14593

    Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows is able to exploit this issue to gain code execution on... Read more

    Affected Products : sourcetree
    • EPSS Score: %2.13
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-14592

    Sourcetree for macOS had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for macOS is able to exploit this issue to gain code execution on the... Read more

    Affected Products : sourcetree
    • EPSS Score: %2.13
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2017-14537

    trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to /maint/index.php?packages or the lang parameter to /maint/modules/home/index.php.... Read more

    Affected Products : trixbox
    • EPSS Score: %90.75
    • Published: Feb. 16, 2018
    • Modified: Nov. 21, 2024

  • 5.4

    MEDIUM
    CVE-2017-14536

    trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or /user/includes/language/langChooser.php.... Read more

    Affected Products : trixbox
    • EPSS Score: %0.28
    • Published: Feb. 16, 2018
    • Modified: Nov. 21, 2024

  • 9.0

    HIGH
    CVE-2017-14535

    trixbox 2.8.0.4 has OS command injection via shell metacharacters in the lang parameter to /maint/modules/home/index.php.... Read more

    Affected Products : trixbox
    • EPSS Score: %91.28
    • Published: Feb. 16, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 292199 Results