Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.0

    HIGH
    CVE-2017-14925

    Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with a... Read more

    Affected Products : tikiwiki_cms\/groupware
    • EPSS Score: %0.17
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-14582

    The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.... Read more

    Affected Products : site24x7_mobile_network_poller
    • EPSS Score: %0.24
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-14350

    A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.... Read more

    • EPSS Score: %1.13
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-13684

    Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trig... Read more

    Affected Products : mcp-firmware
    • EPSS Score: %0.14
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-8444

    The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain ... Read more

    • EPSS Score: %0.12
    • Published: Sep. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14507

    Multiple SQL injection vulnerabilities in the Content Timeline plugin 4.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) timeline parameter in content_timeline_class.php; or the id parameter to (2) pages/content_timel... Read more

    Affected Products : content_timeline
    • EPSS Score: %7.95
    • Published: Sep. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14847

    Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.... Read more

    Affected Products : wpams_apartment_management_system
    • EPSS Score: %0.75
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14845

    Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.... Read more

    Affected Products : wpchurch_church_management_system
    • EPSS Score: %0.75
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14844

    Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.... Read more

    Affected Products : wpgym_gym_management_system
    • EPSS Score: %0.75
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-14775

    Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison.... Read more

    Affected Products : laravel framework
    • EPSS Score: %0.29
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14622

    Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon Affiliates Store plugin before 2.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter or (2) kbAction parameter in the kbAmz page t... Read more

    Affected Products : 2kb_amazon_affiliates_store
    • EPSS Score: %0.87
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14527

    Multiple XML external entity (XXE) vulnerabilities in the OpenText Documentum Webtop 6.8.0160.0073 allow remote authenticated users to list the contents of arbitrary directories, read arbitrary files, cause a denial of service, or, on Windows, obtain Docu... Read more

    • EPSS Score: %0.56
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14525

    Multiple open redirect vulnerabilities in OpenText Documentum Webtop 6.8.0160.0073 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a (1) URL in the startat parameter to xda/help/en/default.htm or (2) /%09/ ... Read more

    • EPSS Score: %0.18
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-1407

    IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary ... Read more

    • EPSS Score: %3.90
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14765

    In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a page=menus request.... Read more

    Affected Products : genixcms
    • EPSS Score: %0.24
    • Published: Sep. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11191

    FreeIPA 4.x with API version 2.213 allows a remote authenticated users to bypass intended account-locking restrictions via an unlock action with an old session ID (for the same user account) that had been created for an earlier session. NOTE: Vendor state... Read more

    Affected Products : freeipa
    • EPSS Score: %0.07
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-8249

    The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter.... Read more

    Affected Products : desktop_central
    • EPSS Score: %81.79
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7349

    Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentication plug-in for Citrix Web Interface allows remote attackers to inject arbitrary web script or HTML via the failmessage parameter.... Read more

    Affected Products : digipass
    • EPSS Score: %0.36
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2015-1537

    Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application.... Read more

    Affected Products : android
    • EPSS Score: %0.64
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2014-8889

    Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.... Read more

    Affected Products : dropbox_sdk
    • EPSS Score: %8.26
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291906 Results