Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-17518

    swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOT... Read more

    Affected Products : white_dune
    • EPSS Score: %0.59
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-17683

    Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 \\.\PSMEMDriver DeviceIoControl request.... Read more

    Affected Products : panda_global_protection
    • EPSS Score: %0.26
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17672

    In vBulletin through 5.3.x, there is an unauthenticated deserialization vulnerability that leads to arbitrary file deletion and, under certain circumstances, code execution, because of unsafe usage of PHP's unserialize() in vB_Library_Template's cacheTemp... Read more

    Affected Products : vbulletin
    • EPSS Score: %8.28
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-1716

    IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose sensitive information to a local attacker due to improper permission settings. IBM X-Force ID: 134638.... Read more

    Affected Products : tivoli_workload_scheduler
    • EPSS Score: %0.04
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17648

    Entrepreneur Dating Script 2.0.1 has SQL Injection via the search_result.php marital, gender, country, or profileid parameter.... Read more

    Affected Products : entrepreneur_dating_script
    • EPSS Score: %1.41
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17638

    Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php state_id parameter.... Read more

    Affected Products : groupon_clone_script
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17636

    MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid parameter.... Read more

    Affected Products : mlm_forced_matrix
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-1355

    IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 1266... Read more

    • EPSS Score: %0.19
    • Published: Dec. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17630

    Yoga Class Script 1.0 has SQL Injection via the /list city parameter.... Read more

    Affected Products : yoga_class_script
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17624

    PHP Multivendor Ecommerce 1.0 has SQL Injection via the single_detail.php sid parameter, or the category.php searchcat or chid1 parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17606

    Co-work Space Search Script 1.0 has SQL Injection via the /list city parameter.... Read more

    Affected Products : co-work_space_search_script
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17600

    Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id parameter.... Read more

    Affected Products : basic_b2b_script
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17578

    FS Crowdfunding Script 1.0 has SQL Injection via the latest_news_details.php id parameter.... Read more

    Affected Products : crowdfunding_script
    • EPSS Score: %2.38
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17570

    FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php id parameter, or the show-flight-result.php fl_orig or fl_dest parameter.... Read more

    Affected Products : expedia_clone
    • EPSS Score: %2.38
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-17567

    Scubez Posty Readymade Classifieds has SQL Injection via the admin/user_activate_submit.php ID parameter.... Read more

    Affected Products : posty_readymade_classifieds
    • EPSS Score: %0.25
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-14361

    Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio Management Center, version 9.32. This vulnerability could be exploited to allow a Man-in-the-middle attack.... Read more

    Affected Products : project_and_portfolio_management
    • EPSS Score: %0.25
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-16690

    A malicious DLL preload attack possible on NwSapSetup and Installation self-extracting program for SAP Plant Connectivity 2.3 and 15.0. It is possible that SAPSetup / NwSapSetup.exe loads system DLLs like DWMAPI.dll (located in your Syswow64 / System32 fo... Read more

    Affected Products : plant_connectivity
    • EPSS Score: %0.33
    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-16689

    A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, SAP KERNEL 64NUC, SAP KERNEL 64Unicode 7.21, 7.21EXT, 7.22, 7.22EXT; SAP KERNEL from 7.21 to 7.22, 7.45, 7.49, can be established to a different client or a different user on the same sys... Read more

    Affected Products : sap_kernel sap_kernel
    • EPSS Score: %0.33
    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-16684

    SAP Business Intelligence Promotion Management Application, Enterprise 4.10, 4.20, and 4.30, does not perform authentication checks for functionalities that require user identity.... Read more

    • EPSS Score: %0.51
    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-16682

    SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 to 7.02, 7.30, 7.31, 7.40, from 7.50 to 7.52, allows an attacker with administrator credentials to inject code that can be executed by the application and thereby control the behavior of... Read more

    • EPSS Score: %0.55
    • Published: Dec. 12, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292625 Results