Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    CRITICAL
    CVE-2017-12905

    Server Side Request Forgery vulnerability in Vebto Pixie Image Editor 1.4 and 1.7 allows remote attackers to disclose information or execute arbitrary code via the url parameter to Launderer.php.... Read more

    Affected Products : pixie_-_image_editor
    • EPSS Score: %1.85
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-4669

    The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.... Read more

    Affected Products : xsuite
    • EPSS Score: %0.25
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-4667

    Multiple hardcoded credentials in Xsuite 2.x.... Read more

    Affected Products : xsuite
    • EPSS Score: %24.01
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2010-3049

    Cisco IOS before 12.2(33)SXI allows local users to cause a denial of service (device reboot).... Read more

    Affected Products : ios
    • EPSS Score: %0.06
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-1555

    IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated user to generate an API token when not subscribed to the application plan. IBM X-Force ID: 131545.... Read more

    Affected Products : api_connect
    • EPSS Score: %0.22
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1424

    IBM Business Process Manager 8.5.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trus... Read more

    Affected Products : business_process_manager
    • EPSS Score: %0.25
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-1362

    IBM Security Identity Manager Adapters 6.0 and 7.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 126801.... Read more

    Affected Products : security_identity_manager
    • EPSS Score: %0.04
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-14716

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title parameter.... Read more

    Affected Products : epesi
    • EPSS Score: %0.21
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-14715

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts Title parameter.... Read more

    Affected Products : epesi
    • EPSS Score: %0.21
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-14714

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls Subject parameter.... Read more

    Affected Products : epesi
    • EPSS Score: %0.21
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-14712

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.... Read more

    Affected Products : epesi
    • EPSS Score: %0.36
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14079

    Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) versions before 9.7 Patch 3 allow remote attackers to execute arbitrary code on vulnerable installations.... Read more

    Affected Products : mobile_security
    • EPSS Score: %13.24
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11395

    Command injection vulnerability in Trend Micro Smart Protection Server (Standalone) 3.1 and 3.2 server administration UI allows attackers with authenticated access to execute arbitrary code on vulnerable installations.... Read more

    Affected Products : smart_protection_server
    • EPSS Score: %8.45
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9393

    CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote attackers to potentially identify passwords of locked accounts through an exhaustive search.... Read more

    • EPSS Score: %0.42
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-3770

    Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system.... Read more

    Affected Products : xclarity_administrator
    • EPSS Score: %0.46
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14688

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to a "Read Access Violation starting at STDUDjVuFile!DllUnregisterServer+0x000000000000d917."... Read more

    Affected Products : stdu_viewer
    • EPSS Score: %0.05
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-14653

    member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote authenticated users to read arbitrary order information via a modified OrderNo parameter.... Read more

    Affected Products : aspcms
    • EPSS Score: %0.21
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-8012

    In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Java Management Extensions (JMX) protocol used to communicate between components in the Alerting and/or Compliance components can be leveraged to create a denial of ser... Read more

    • EPSS Score: %0.69
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-14680

    ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.... Read more

    Affected Products : zktime_web
    • EPSS Score: %10.12
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9283

    An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus VisiBroker 8.5. The feasibility of leveraging this vulnerability for further attacks was not assessed.... Read more

    Affected Products : visibroker
    • EPSS Score: %0.40
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291946 Results