Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2015-7391

    Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers to inject arbitrary web script or HTML via the (1) selected_end_date or (2) selected_start_date parameter to lib/results/tcCreatedPerUserOnTestProject.php...

    Affected Products : testlink
    • EPSS Score: 0.22%
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2015-7390

    SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php.

    Affected Products : testlink
    • EPSS Score: 0.40%
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-14704

    Multiple unrestricted file upload vulnerabilities in the (1) imageSubmit and (2) proof_submit functions in Claydip Laravel Airbnb Clone 1.0 allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then a...

    Affected Products : airbnb_clone
    • EPSS Score: 1.83%
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
  • 5.9

    MEDIUM
    CVE-2015-0874

    Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information from encrypted communications via a crafted certificate.

    Affected Products : android iphone_os smart_passbook
    • EPSS Score: 0.50%
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-14744

    UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element.

    Affected Products : ueditor
    • EPSS Score: 0.30%
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-9957

    A vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which the web service contains a hidden system account with a hardcoded password. An attacker can use this information to log into the system with high-pr...

    Affected Products : u.motion_builder
    • EPSS Score: 0.44%
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-7971

    A vulnerability exists in Schneider Electric's PowerSCADA Anywhere v1.0 redistributed with PowerSCADA Expert v8.1 and PowerSCADA Expert v8.2 and Citect Anywhere version 1.0 that allows the use of outdated cipher suites and improper verification of peer SS...

    • EPSS Score: 0.13%
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2015-8707

    Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via a crafted external service with access to the referrer f...

    Affected Products : magento
    • EPSS Score: 0.20%
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2014-8156

    The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (fsoaudiod, fsodatad, fsodeviced, fsogsmd, fsonetworkd, f...

    • EPSS Score: 0.06%
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2014-0997

    WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 a...

    Affected Products : android razr_hd nexus_5 nexus_4 d806 sm-t310
    • EPSS Score: 17.26%
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
  • 7.6

    HIGH
    CVE-2016-5868

    drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote attackers to execute arbitrary code via a crafted application compromising a privileged process.

    Affected Products : android
    • EPSS Score: 0.94%
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2015-8375

    Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.

    Affected Products : php-fusion
    • EPSS Score: 0.25%
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 7.2

    HIGH
    CVE-2015-6592

    Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell.

    Affected Products : uap2105_firmware uap2105
    • EPSS Score: 0.10%
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 8.1

    HIGH
    CVE-2015-5263

    pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration.

    Affected Products : pulp
    • EPSS Score: 0.30%
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-14730

    The init script in the Gentoo app-admin/logstash-bin package before 5.5.3 and 5.6.x before 5.6.1 has "chown -R" calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to a $LS_USER account for creation of...

    Affected Products : linux logstash
    • EPSS Score: 0.04%
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2017-12905

    Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.

    Affected Products : pixie_-_image_editor
    • EPSS Score: 1.85%
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2015-4669

    The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.

    Affected Products : xsuite
    • EPSS Score: 0.25%
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2015-4667

    Multiple hardcoded credentials in Xsuite 2.x.

    Affected Products : xsuite
    • EPSS Score: 24.01%
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2010-3049

    Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).

    Affected Products : ios
    • EPSS Score: 0.06%
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 4.3

    MEDIUM
    CVE-2017-1555

    IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.

    Affected Products : api_connect
    • EPSS Score: 0.22%
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291921 Results