Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-11191

    FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor state... Read more

    Affected Products : freeipa
    • EPSS Score: %0.07
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-8249

    The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.... Read more

    Affected Products : desktop_central
    • EPSS Score: %81.79
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7349

    Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter.... Read more

    Affected Products : digipass
    • EPSS Score: %0.36
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2015-1537

    Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application.... Read more

    Affected Products : android
    • EPSS Score: %0.64
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2014-8889

    Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.... Read more

    Affected Products : dropbox_sdk
    • EPSS Score: %8.26
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-14753

    Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php.... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %0.15
    • Published: Sep. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14751

    The Intense WP "WP Jobs" plugin 1.5 for WordPress has XSS, related to the Job Qualification field.... Read more

    Affected Products : wp_jobs
    • EPSS Score: %0.24
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14749

    JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in by... Read more

    Affected Products : jerryscript
    • EPSS Score: %0.82
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-14748

    Race condition in Blizzard Overwatch 1.15.0.2 allows remote authenticated users to cause a denial of service (season bans and SR losses for other users) by leaving a competitive match at a specific time during the initial loading of that match.... Read more

    Affected Products : overwatch
    • EPSS Score: %0.42
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1425

    IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure w... Read more

    Affected Products : business_process_manager
    • EPSS Score: %0.27
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7391

    Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php... Read more

    Affected Products : testlink
    • EPSS Score: %0.22
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-7390

    SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.... Read more

    Affected Products : testlink
    • EPSS Score: %0.40
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14704

    Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then a... Read more

    Affected Products : airbnb_clone
    • EPSS Score: %1.83
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2015-0874

    Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.... Read more

    Affected Products : android iphone_os smart_passbook
    • EPSS Score: %0.50
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14744

    UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.... Read more

    Affected Products : ueditor
    • EPSS Score: %0.30
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9957

    A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-pr... Read more

    Affected Products : u.motion_builder
    • EPSS Score: %0.44
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-7971

    A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SS... Read more

    • EPSS Score: %0.13
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-8707

    Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer f... Read more

    Affected Products : magento
    • EPSS Score: %0.20
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2014-8156

    The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, f... Read more

    • EPSS Score: %0.06
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2014-0997

    WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 a... Read more

    Affected Products : android razr_hd nexus_5 nexus_4 d806 sm-t310
    • EPSS Score: %17.26
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291891 Results