Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.8

    HIGH
    CVE-2017-14946

    Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFil...

    Affected Products : windows gsview
    • EPSS Score: 0.16%
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-14942

    Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.

    Affected Products : wrn_150_firmware wrn_150
    • EPSS Score: 0.99%
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-14847

    Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.

    Affected Products : wpams_apartment_management_system
    • EPSS Score: 0.75%
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-14844

    Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.

    Affected Products : wpgym_gym_management_system
    • EPSS Score: 0.75%
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-14527

    Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Docu...

    • EPSS Score: 0.56%
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-14525

    Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ ...

    • EPSS Score: 0.18%
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025
  • 9.0

    HIGH
    CVE-2017-1407

    IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary ...

    • EPSS Score: 3.90%
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-14765

    In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request.

    Affected Products : genixcms
    • EPSS Score: 0.24%
    • Published: Sep. 27, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2015-8249

    The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.

    Affected Products : desktop_central
    • EPSS Score: 81.79%
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-14753

    Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.

    Affected Products : eyesofnetwork
    • EPSS Score: 0.15%
    • Published: Sep. 27, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-14749

    JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in by...

    Affected Products : jerryscript
    • EPSS Score: 0.82%
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-14704

    Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then a...

    Affected Products : airbnb_clone
    • EPSS Score: 1.83%
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-14744

    UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.

    Affected Products : ueditor
    • EPSS Score: 0.30%
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
  • 7.2

    HIGH
    CVE-2015-6592

    Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.

    Affected Products : uap2105_firmware uap2105
    • EPSS Score: 0.10%
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2015-4669

    The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.

    Affected Products : xsuite
    • EPSS Score: 0.25%
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 4.3

    MEDIUM
    CVE-2017-1555

    IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.

    Affected Products : api_connect
    • EPSS Score: 0.22%
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-14716

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter.

    Affected Products : epesi
    • EPSS Score: 0.21%
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-14715

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter.

    Affected Products : epesi
    • EPSS Score: 0.21%
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-14079

    Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.

    Affected Products : mobile_security
    • EPSS Score: 13.24%
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-3770

    Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.

    Affected Products : xclarity_administrator
    • EPSS Score: 0.46%
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292628 Results