Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-12322

    Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an ... Read more

    Affected Products : email_encryption
    • EPSS Score: %0.16
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12321

    Multiple vulnerabilities in the web interface of the Cisco Registered Envelope Service (a cloud-based service) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack or redirect a user of the affected service to an ... Read more

    • EPSS Score: %0.16
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-12318

    A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices could allow an unauthenticated, remote attacker to prevent an affected device from delivering switched digital video (SDV) or video on demand (VoD) streams, resulting in a denial of se... Read more

    Affected Products : rf_gateway_1_firmware rf_gateway_1
    • EPSS Score: %0.66
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-12316

    A vulnerability in the Guest Portal login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit. The vulnerability is due to insuffic... Read more

    • EPSS Score: %1.19
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-12314

    A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to the device availability, confidentiality, and integrity, aka Insecure Li... Read more

    Affected Products : findit_network_discovery_utility
    • EPSS Score: %0.07
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-12313

    An untrusted search path (aka DLL Preload) vulnerability in the Cisco Network Academy Packet Tracer software could allow an authenticated, local attacker to execute arbitrary code via DLL hijacking if a local user with administrative privileges executes t... Read more

    Affected Products : packet_tracer
    • EPSS Score: %0.06
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-12309

    A vulnerability in the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a HTTP response splitting attack. The vulnerability is due to the failure of the application or its environment to properly sanitize inp... Read more

    • EPSS Score: %0.98
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-12299

    A vulnerability exists in the process of creating default IP blocks during device initialization for Cisco ASA Next-Generation Firewall Services that could allow an unauthenticated, remote attacker to send traffic to the local IP address of the device, by... Read more

    • EPSS Score: %0.23
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-13136

    The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer overflow, with a resultant invalid malloc and NULL pointer dereference.... Read more

    Affected Products : libbpg
    • EPSS Score: %0.49
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-16842

    Cross-site scripting (XSS) vulnerability in admin/google_search_console/class-gsc-table.php in the Yoast SEO plugin before 5.8.0 for WordPress allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : wordpress_seo yoast_seo
    • EPSS Score: %0.07
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-5532

    A vulnerability in the report renderer component of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, T... Read more

    • EPSS Score: %0.27
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2014-0219

    Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.... Read more

    Affected Products : karaf
    • EPSS Score: %0.08
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-15806

    The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted em... Read more

    Affected Products : mail
    • EPSS Score: %20.40
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-15272

    The PSFTPd 10.0.4 Build 729 server stores its configuration inside PSFTPd.dat. This file is a Microsoft Access Database and can be extracted. The application sets the encrypt flag with the password "ITsILLEGAL"; however, this password is not required to e... Read more

    Affected Products : psftpd
    • EPSS Score: %0.06
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-15271

    A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effectiv... Read more

    Affected Products : psftpd
    • EPSS Score: %24.18
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-15270

    The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain ex... Read more

    Affected Products : psftpd
    • EPSS Score: %13.97
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-15269

    The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be performed using "nmap -b" and allow performing scans via the FTP server.... Read more

    Affected Products : psftpd
    • EPSS Score: %0.22
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12634

    The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.... Read more

    Affected Products : camel
    • EPSS Score: %4.56
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12633

    The camel-hessian component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 is vulnerable to Java object de-serialisation vulnerability. De-serializing untrusted data can lead to security flaws.... Read more

    Affected Products : camel
    • EPSS Score: %3.41
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-16833

    Stored cross-site scripting (XSS) vulnerability in Gemirro before 0.16.0 allows attackers to inject arbitrary web script via a crafted javascript: URL in the "homepage" value of a ".gemspec" file.... Read more

    Affected Products : gemirro
    • EPSS Score: %0.33
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291625 Results