Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-14922

    Stored XSS vulnerability via IMG element at "History" of Profile, Calendar, Tasks, and CRM in Tine 2.0 Community Edition before 2017.08.4 allows an authenticated user to inject JavaScript, which is mishandled during rendering by the application administra... Read more

    Affected Products : tine_2.0
    • EPSS Score: %0.32
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12638

    Stack based buffer overflow in Ipswitch IMail server up to and including 12.5.5 allows remote attackers to execute arbitrary code via unspecified vectors in IMmailSrv, aka ETBL or ETCETERABLUE.... Read more

    Affected Products : imail_server
    • EPSS Score: %0.19
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11496

    Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files.... Read more

    Affected Products : sentinel_ldk_rte desigo_cc
    • EPSS Score: %8.27
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-11321

    The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command.... Read more

    Affected Products : wireless_appliance
    • EPSS Score: %7.37
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7357

    Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for WordPress allows remote attackers to inject arbitrary web script or HTML via a fragment identifier, as demonstrated by #<svg onload=alert(1)>.... Read more

    Affected Products : udesign
    • EPSS Score: %0.34
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-6971

    Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed Lenovo executables.... Read more

    Affected Products : system_update
    • EPSS Score: %0.12
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-14958

    lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file.... Read more

    Affected Products : pivotx
    • EPSS Score: %0.58
    • Published: Oct. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-14941

    Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and reading the HTML source code of the page reached in an Edit... Read more

    Affected Products : jasperreports
    • EPSS Score: %0.18
    • Published: Oct. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.9

    HIGH
    CVE-2017-14797

    Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys (and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories) by lev... Read more

    • EPSS Score: %0.08
    • Published: Oct. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14947

    Artifex GSView 6.0 Beta on Windows allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at mupdfnet64!mIncrementalSaveFile+0x0000000000193359."... Read more

    Affected Products : windows gsview
    • EPSS Score: %0.39
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14946

    Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at mupdfnet64!mIncrementalSaveFil... Read more

    Affected Products : windows gsview
    • EPSS Score: %0.16
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14945

    Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Possible Stack Corruption starting at KERNELBASE!RaiseException+0x0000000000000068."... Read more

    Affected Products : windows gsview
    • EPSS Score: %0.16
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-14944

    Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.... Read more

    Affected Products : proget
    • EPSS Score: %0.24
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14942

    Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.... Read more

    Affected Products : wrn_150_firmware wrn_150
    • EPSS Score: %0.99
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-14935

    Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly validate requests, which allows remote users to query and obtain sensitive information.... Read more

    Affected Products : pulse_one_on-premise
    • EPSS Score: %0.28
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2017-14925

    Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki before 16.3, 17.x before 17.1, 12 LTS before 12.12 LTS, and 15 LTS before 15.5 LTS allows an authenticated user to edit global permissions if an administrator opens a wiki page with a... Read more

    Affected Products : tikiwiki_cms\/groupware
    • EPSS Score: %0.17
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-14582

    The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a self-signed certificate.... Read more

    Affected Products : site24x7_mobile_network_poller
    • EPSS Score: %0.24
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-14350

    A potential security vulnerability has been identified in HPE Application Performance Management (BSM) Platform versions 9.26, 9.30, 9.40. The vulnerability could be remotely exploited to allow code execution.... Read more

    • EPSS Score: %1.13
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-13684

    Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE before 43.211 allow remote authenticated users to cause a denial of service (program crash) or have unspecified other impact via vectors related to incorrect literal handling, which trig... Read more

    Affected Products : mcp-firmware
    • EPSS Score: %0.14
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-8444

    The client-forwarder in Elastic Cloud Enterprise versions prior to 1.0.2 do not properly encrypt traffic to ZooKeeper. If an attacker is able to man in the middle (MITM) the traffic between the client-forwarder and ZooKeeper they could potentially obtain ... Read more

    • EPSS Score: %0.12
    • Published: Sep. 29, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291921 Results