Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-14515

    Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 allows remote attackers to cause a denial of service (temporary HTTP outage and forced logout) via unspecified vectors.... Read more

    Affected Products : w15e_firmware w15e
    • EPSS Score: %0.65
    • Published: Sep. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-14514

    Directory Traversal on Tenda W15E devices before 15.11.0.14 allows remote attackers to read unencrypted files via a crafted URL.... Read more

    Affected Products : w15e_firmware w15e
    • EPSS Score: %0.41
    • Published: Sep. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14512

    NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an editforum action, a different vulnerability than CVE-2017-12981.... Read more

    Affected Products : nexusphp
    • EPSS Score: %0.25
    • Published: Sep. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-14243

    An authentication bypass vulnerability on UTStar WA3002G4 ADSL Broadband Modem WA3002G4-0021.01 devices allows attackers to directly access administrative settings and obtain cleartext credentials from HTML source, as demonstrated by info.cgi, upload.cgi,... Read more

    Affected Products : wa3002g4_firmware wa3002g4
    • EPSS Score: %60.33
    • Published: Sep. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-1527

    Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727.... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-0110

    IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName ... Read more

    • EPSS Score: %0.09
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2014-9463

    functions_vbseo_hook.php in the VBSEO module for vBulletin allows remote authenticated users to execute arbitrary code via the HTTP Referer header to visitormessage.php.... Read more

    Affected Products : vbulletin vbseo
    • EPSS Score: %13.85
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2014-7808

    Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.... Read more

    Affected Products : wicket
    • EPSS Score: %0.20
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-10858

    Untrusted search path vulnerability in "i-filter 6.0 install program" file version 1.0.8.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : i-filter_installer
    • EPSS Score: %0.14
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-10855

    Untrusted search path vulnerability in FENCE-Explorer for Windows V8.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    • EPSS Score: %0.14
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-10846

    Wi-Fi STATION L-02F Software version V10b and earlier allows remote attackers to bypass access restrictions to obtain information on device settings via unspecified vectors.... Read more

    • EPSS Score: %0.21
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.7

    HIGH
    CVE-2017-10814

    Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors.... Read more

    Affected Products : wlr_300_nm_firmware wlr_300_nm
    • EPSS Score: %0.26
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.7

    HIGH
    CVE-2017-10813

    CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : wlr_300_nm_firmware wlr_300_nm
    • EPSS Score: %0.27
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-14483

    flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 for Celery Flower sets PID file ownership to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modi... Read more

    Affected Products : dev-python-flower
    • EPSS Score: %0.03
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-0785

    A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698.... Read more

    Affected Products : android
    • EPSS Score: %10.69
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-0783

    A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701.... Read more

    Affected Products : android
    • EPSS Score: %0.11
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-0782

    A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237.... Read more

    Affected Products : android
    • EPSS Score: %44.22
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-0781

    A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105.... Read more

    Affected Products : android
    • EPSS Score: %48.94
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-13761

    The Fastly CDN module before 1.2.26 for Magento2, when used with a third-party authentication plugin, might allow remote authenticated users to obtain sensitive information from authenticated sessions via vectors involving caching of redirect responses.... Read more

    Affected Products : fastly
    • EPSS Score: %0.28
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-1002151

    Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization... Read more

    Affected Products : pagure
    • EPSS Score: %0.28
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292001 Results