Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2014-9923

    In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.

    Affected Products : android
    • EPSS Score: 0.04%
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-9436

    TeamPass before 2.1.27.4 is vulnerable to a SQL injection in users.queries.php.

    Affected Products : teampass
    • EPSS Score: 0.23%
    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025
  • 8.1

    HIGH
    CVE-2017-8841

    Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_pro...

    • EPSS Score: 4.46%
    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-8838

    XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.

    • EPSS Score: 2.05%
    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-8440

    Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.

    Affected Products : kibana
    • EPSS Score: 0.34%
    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2012-6705

    Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field.

    Affected Products : jamroom
    • EPSS Score: 0.23%
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-3740

    In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.

    Affected Products : active_protection_system
    • EPSS Score: 0.04%
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-8231

    In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.

    Affected Products : lenovo_service_bridge
    • EPSS Score: 0.10%
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2016-8229

    A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed.

    Affected Products : lenovo_service_bridge
    • EPSS Score: 0.16%
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2016-8228

    In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.

    Affected Products : lenovo_service_bridge
    • EPSS Score: 0.04%
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-0896

    Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat application server that allowed an authenticated user to invite other users to join a Zulip organization even if the organ...

    Affected Products : zulip_server
    • EPSS Score: 0.18%
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-9380

    OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.

    Affected Products : openemr
    • EPSS Score: 0.55%
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-9379

    Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear parameter to core\admin\modules\dashboard\vitals-statistics\404\clear.php and the from or to parameter to core\admin\modules\dashboard\vitals-statistics\404\create-301.php.

    Affected Products : bigtree_cms
    • EPSS Score: 0.11%
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-9378

    BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a...

    Affected Products : bigtree_cms
    • EPSS Score: 0.12%
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-9364

    Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an attacker uploads an 'xxx.pht' or 'xxx.phtml' file, they could bypass a safety check and execute any code.

    Affected Products : bigtree_cms
    • EPSS Score: 0.34%
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-9361

    WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.

    Affected Products : websitebaker
    • EPSS Score: 0.24%
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-9360

    WebsiteBaker v2.10.0 has a SQL injection vulnerability in /account/details.php.

    Affected Products : websitebaker
    • EPSS Score: 0.25%
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-7999

    Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors.

    Affected Products : eucalyptus
    • EPSS Score: 0.48%
    • Published: Jun. 01, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-9307

    SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows remote authenticated users to conduct port scans and access intranet servers via a crafted file parameter.

    Affected Products : allen_disk allendisk
    • EPSS Score: 0.19%
    • Published: May. 31, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-8402

    PivotX 2.3.11 allows remote authenticated users to execute arbitrary PHP code via vectors involving an upload of a .htaccess file.

    Affected Products : pivotx
    • EPSS Score: 0.64%
    • Published: May. 31, 2017
    • Modified: Apr. 20, 2025