Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-14413

    D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices have XSS in the action parameter to htdocs/web/wpsacts.php.... Read more

    Affected Products : dir-850l_firmware dir-850l
    • EPSS Score: %0.25
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-3165

    In Apache Brooklyn before 0.10.0, the REST server is vulnerable to cross-site scripting where one authenticated user can cause scripts to run in the browser of another user authorized to access the first user's resources. This is due to improper escaping ... Read more

    Affected Products : brooklyn
    • EPSS Score: %0.27
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2016-8744

    Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. SnakeYAML allows the use of YAML tags to indicate that SnakeYAML should unmarshal data to a Java type. In the default configuration in Brooklyn before 0.10.0, SnakeYAML will allow unmarsh... Read more

    Affected Products : brooklyn
    • EPSS Score: %0.46
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-11351

    Axesstel MU553S MU55XS-V1.14 devices have a default password of admin for the admin account.... Read more

    Affected Products : mu553s_firmware mu553s
    • EPSS Score: %0.28
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-14410

    A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an application crash, which leads to remote denial of service.... Read more

    Affected Products : mp3gain
    • EPSS Score: %0.24
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14409

    A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution.... Read more

    Affected Products : mp3gain
    • EPSS Score: %1.32
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-14404

    The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file inclusion via the tool_list parameter (aka the url_tool variable) to module/tool_all/select_tool.php, as demonstrated by a tool_list=php://filter/ substring.... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %0.32
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14403

    The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection via the term parameter to module/admin_group/search.php.... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %0.25
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-1451

    IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 (includes DB2 Connect Server) could allow a local user with DB2 instance owner privileges to obtain root access. IBM X-Force ID: 128178.... Read more

    Affected Products : linux_kernel db2 windows db2_connect
    • EPSS Score: %0.06
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14397

    AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability.... Read more

    Affected Products : anydesk windows
    • EPSS Score: %0.49
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-1162

    IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 122957.... Read more

    • EPSS Score: %0.30
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14347

    NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to fun.php in a delete action.... Read more

    Affected Products : nexusphp
    • EPSS Score: %0.24
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14346

    upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file upload and PHP code execution by using the image/jpeg, image/pjpeg, image/png, or image/gif content type for a .php file.... Read more

    Affected Products : blog blog
    • EPSS Score: %0.97
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14266

    tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.... Read more

    Affected Products : tcpreplay
    • EPSS Score: %1.78
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2015-9227

    PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL in the file_path parameter to upload/admin2.... Read more

    Affected Products : alegrocart
    • EPSS Score: %4.41
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2015-9226

    Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_filename function in upload/admin2/model/products/model_ad... Read more

    Affected Products : alegrocart
    • EPSS Score: %1.75
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-8353

    Cross-site scripting (XSS) vulnerability in the Role Scoper plugin before 1.3.67 for WordPress allows remote attackers to inject arbitrary web script or HTML via the object_name parameter in a rs-object_role_edit page to wp-admin/admin.php.... Read more

    Affected Products : role_scoper
    • EPSS Score: %0.45
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-8349

    Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 pre-alpha allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php.... Read more

    Affected Products : sourcebans
    • EPSS Score: %10.33
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2015-4688

    Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests.... Read more

    Affected Products : banner_student
    • EPSS Score: %0.23
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14308

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd."... Read more

    Affected Products : stdu_viewer
    • EPSS Score: %0.05
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292016 Results