Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.6

    HIGH
    CVE-2017-15683

    In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

    Affected Products : crafter_cms
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024
  • 6.1

    MEDIUM
    CVE-2017-15682

    In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.

    Affected Products : crafter_cms
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024
  • 9.8

    CRITICAL
    CVE-2017-15681

    In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.

    Affected Products : crafter_cms
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024
  • 6.5

    MEDIUM
    CVE-2017-15680

    In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.

    Affected Products : crafter_cms
    • Published: Nov. 27, 2020
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-15665

    In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 8094.

    Affected Products : diskboss
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-15664

    In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9121.

    Affected Products : syncbreeze
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-15663

    In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9120.

    Affected Products : disk_pulse
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
  • 7.5

    HIGH
    CVE-2017-15662

    In Flexense VX Search Enterprise v10.1.12, the Control Protocol suffers from a denial of service vulnerability. The attack vector is a crafted SERVER_GET_INFO packet sent to control port 9123.

    Affected Products : vx_search
    • Published: Jan. 10, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-15656

    Passwords are stored in plaintext in nvram in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt.

    Affected Products : asuswrt
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024
  • 9.6

    CRITICAL
    CVE-2017-15655

    Multiple buffer overflow vulnerabilities exist in the HTTPd server in Asus asuswrt version <=3.0.0.4.376.X. All have been fixed in version 3.0.0.4.378, but this vulnerability was not previously disclosed. Some end-of-life routers have this version as the ...

    Affected Products : asuswrt
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024
  • 8.3

    HIGH
    CVE-2017-15654

    Highly predictable session tokens in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allow gaining administrative router access.

    Affected Products : asuswrt
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024
  • 8.8

    HIGH
    CVE-2017-15653

    Improper administrator IP validation after his login in the HTTPd server in all current versions (<= 3.0.0.4.380.7743) of Asus asuswrt allows an unauthorized user to execute any action knowing administrator session token by using a specific User-Agent str...

    Affected Products : asuswrt asuswrt
    • Published: Jan. 31, 2018
    • Modified: Nov. 21, 2024
  • 5.5

    MEDIUM
    CVE-2017-15652

    Artifex Ghostscript 9.22 is affected by: Obtain Information. The impact is: obtain sensitive information. The component is: affected source code file, affected function, affected executable, affected libga (imagemagick used that). The attack vector is: So...

    Affected Products : ghostscript
    • Published: May 23, 2019
    • Modified: Nov. 21, 2024
  • 5.4

    MEDIUM
    CVE-2017-15640

    app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter.

    Affected Products : phpipam
    • Published: Apr. 21, 2018
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2017-15637

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the pptphellointerval variable in the pptp_server.lua file.

    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2017-15636

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-time variable in the webfilter.lua file.

    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2017-15635

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the max_conn variable in the session_limits.lua file.

    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2017-15634

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the name variable in the wportal.lua file.

    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2017-15633

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-ipgroup variable in the session_limits.lua file.

    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024
  • 9.0

    HIGH
    CVE-2017-15632

    TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-mppeencryption variable in the pptp_server.lua file.

    • Published: Jan. 11, 2018
    • Modified: Nov. 21, 2024