Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2017-7922

    An Improper Privilege Management issue was discovered in Cambium Networks ePMP. The privileges for SNMP community strings are not properly restricted, which may allow an attacker to gain access to sensitive information and possibly allow for configuration... Read more

    • EPSS Score: %38.10
    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-1302

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local user view sensitive information due to improper access controls. IBM X-Force ID: 125456.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.06
    • Published: Jun. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-1131

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information by using unsupported, specially crafted HTTP commands. IBM X-Force ID: 121375.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.19
    • Published: Jun. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-5893

    IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 115336.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.07
    • Published: Jun. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-3948

    Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee Data Loss Prevention Endpoint (DLP Endpoint) 10.0.x allows authenticated users to inject arbitrary web script or HTML via injecting malicious JavaScript into a user's browsing session.... Read more

    Affected Products : data_loss_prevention_endpoint
    • EPSS Score: %0.29
    • Published: Jun. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9356

    Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability via the searchStr parameter to the /Search-Results URI.... Read more

    Affected Products : sitecore.net
    • EPSS Score: %0.21
    • Published: Jun. 23, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-9098

    In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is... Read more

    Affected Products : sql_monitor
    • EPSS Score: %39.99
    • Published: Jun. 22, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-1326

    IBM Sterling File Gateway does not properly restrict user requests based on permission level. This allows for users to update data related to other users, by manipulating the parameters passed in the POST request. IBM X-Force ID: 126060.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.14
    • Published: Jun. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-9982

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user to obtain sensitive information such as account lists due to improper access control. IBM X-Force ID: 120274.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.28
    • Published: Jun. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9424

    IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers to execute arbitrary code, related to use of TypeNameHandling in JSON deserialization.... Read more

    Affected Products : breeze.server.net
    • EPSS Score: %4.73
    • Published: Jun. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-7918

    An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access con... Read more

    • EPSS Score: %42.23
    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6050

    A SQL Injection issue was discovered in Ecava IntegraXor Versions 5.2.1231.0 and prior. The application fails to properly validate user input, which may allow for an unauthenticated attacker to remotely execute arbitrary code in the form of SQL queries.... Read more

    Affected Products : integraxor
    • EPSS Score: %1.27
    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-6045

    An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information.... Read more

    Affected Products : vtscada
    • EPSS Score: %0.52
    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2017-2831

    An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitr... Read more

    • EPSS Score: %1.10
    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9771

    install\save.php in WebsiteBaker v2.10.0 allows remote attackers to execute arbitrary PHP code via the database_username, database_host, or database_password parameter.... Read more

    Affected Products : websitebaker
    • EPSS Score: %0.78
    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-3745

    In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data is downloaded from LXCA, a non-administrative user may have access to password information for users that have previously authenticated to the LXCA's internal LDAP server, including adm... Read more

    Affected Products : xclarity_administrator
    • EPSS Score: %0.10
    • Published: Jun. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-15210

    In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user.... Read more

    Affected Products : kanboard
    • EPSS Score: %0.29
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-15209

    In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments from a private project of another user.... Read more

    Affected Products : kanboard
    • EPSS Score: %0.47
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-15208

    In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic actions from a private project of another user.... Read more

    Affected Products : kanboard
    • EPSS Score: %0.49
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-15206

    In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link to a private project of another user.... Read more

    Affected Products : kanboard
    • EPSS Score: %0.49
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291918 Results