Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2014-8357

    backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsetti... Read more

    Affected Products : znid_2426a_firmware znid_2426a
    • EPSS Score: %18.27
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-9733

    nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : nw.js
    • EPSS Score: %0.69
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2014-9697

    Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website.... Read more

    • EPSS Score: %0.26
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2014-9677

    Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the Swfile parameter.... Read more

    Affected Products : flexpaper
    • EPSS Score: %0.23
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-9489

    The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote authenticated users to execute arbitrary code via the -... Read more

    Affected Products : gollum gollum-lib grit_adapter
    • EPSS Score: %4.95
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15296

    The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964.... Read more

    Affected Products : customer_relationship_management
    • EPSS Score: %0.11
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2014-9147

    Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.... Read more

    Affected Products : fiyo_cms
    • EPSS Score: %17.92
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2014-0029

    Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.... Read more

    Affected Products : subscription_asset_manager
    • EPSS Score: %0.23
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-15374

    Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields ... Read more

    Affected Products : shopware
    • EPSS Score: %3.46
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-15364

    The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact via a crafted file. NOTE: This has been disputed and it is argued that this... Read more

    Affected Products : ccsv
    • EPSS Score: %0.55
    • Published: Oct. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-15363

    Directory traversal vulnerability in public/examples/resources/getsource.php in Luracast Restler through 3.0.0, as used in the restler extension before 1.7.1 for TYPO3, allows remote attackers to read arbitrary files via the file parameter.... Read more

    Affected Products : restler
    • EPSS Score: %66.72
    • Published: Oct. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-15300

    The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b hangs on incoming TCP connections until some sort of request is made (such as "GET / HTTP/1.1"), which allows for a Denial of Service attack preventing a user from viewing their mining ... Read more

    Affected Products : cuda_zcash_miner
    • EPSS Score: %0.26
    • Published: Oct. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.0

    MEDIUM
    CVE-2017-10617

    The ifmap service that comes bundled with Contrail has an XML External Entity (XXE) vulnerability that may allow an attacker to retrieve sensitive system files. Affected releases are Juniper Networks Contrail 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1... Read more

    Affected Products : contrail
    • EPSS Score: %8.57
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.4

    MEDIUM
    CVE-2017-10616

    The ifmap service that comes bundled with Juniper Networks Contrail releases uses hard coded credentials. Affected releases are Contrail releases 2.2 prior to 2.21.4; 3.0 prior to 3.0.3.4; 3.1 prior to 3.1.4.0; 3.2 prior to 3.2.5.0. CVE-2017-10616 and CVE... Read more

    Affected Products : contrail
    • EPSS Score: %0.45
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-4921

    By flooding a Juniper Networks router running Junos OS with specially crafted IPv6 traffic, all available resources can be consumed, leading to the inability to store next hop information for legitimate traffic. In extreme cases, the crafted IPv6 traffic ... Read more

    Affected Products : junos
    • EPSS Score: %1.35
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15276

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server allows uploading content using batches (TAR archives... Read more

    Affected Products : documentum_content_server
    • EPSS Score: %2.61
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-15014

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an au... Read more

    Affected Products : documentum_content_server
    • EPSS Score: %3.97
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15013

    OpenText Documentum Content Server (formerly EMC Documentum Content Server) through 7.3 contains the following design gap, which allows an authenticated user to gain superuser privileges: Content Server stores information about uploaded files in dmr_conte... Read more

    Affected Products : documentum_content_server
    • EPSS Score: %1.89
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12258

    A vulnerability in the web-based UI of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack. The vulnerability exists because the affected software does not provide sufficient... Read more

    Affected Products : unified_communications_manager
    • EPSS Score: %2.57
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15220

    Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer overflow via an empty POST request to a long URI beginning with a /../ substring. This allows remote attackers to execute arbitrary code.... Read more

    Affected Products : vx_search
    • EPSS Score: %12.38
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291756 Results