Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2017-17758

    TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/c... Read more

    • EPSS Score: %1.28
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-17757

    TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/cont... Read more

    • EPSS Score: %1.28
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-17107

    Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session.... Read more

    • EPSS Score: %3.76
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17730

    DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.... Read more

    Affected Products : dedecms
    • EPSS Score: %0.34
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-15876

    Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.... Read more

    Affected Products : gpweb
    • EPSS Score: %1.08
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15875

    SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.... Read more

    Affected Products : gpweb
    • EPSS Score: %0.47
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2017-15524

    The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.... Read more

    Affected Products : web_application_firewall
    • EPSS Score: %0.28
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-14583

    NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.... Read more

    Affected Products : clustered_data_ontap
    • EPSS Score: %0.30
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-12630

    In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query ... Read more

    Affected Products : drill
    • EPSS Score: %0.72
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17649

    Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.... Read more

    Affected Products : readymade_video_sharing_script
    • EPSS Score: %1.26
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-17738

    The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.... Read more

    Affected Products : 4k242_firmware 4k242
    • EPSS Score: %16.15
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17733

    Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.... Read more

    Affected Products : maccms
    • EPSS Score: %40.05
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17727

    DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.... Read more

    Affected Products : dedecms
    • EPSS Score: %0.66
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-17717

    Sonatype Nexus Repository Manager through 2.14.5 has weak password encryption with a hardcoded CMMDwoV value in the LDAP integration feature.... Read more

    Affected Products : nexus_repository_manager
    • EPSS Score: %0.12
    • Published: Dec. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17714

    Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId parameter, the /register User-Agent HTTP header, the /register country parameter, the /register countryCode parameter, the /register cpu parameter, the /register isp parameter, the /re... Read more

    Affected Products : trape
    • EPSS Score: %0.40
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17715

    The saveFile method in MediaController.java in the Telegram Messenger application before 2017-12-08 for Android allows directory traversal via a pathname obtained in a file-transfer request from a remote peer, as demonstrated by writing to tgnet.dat or tg... Read more

    Affected Products : telegram_messenger messenger
    • EPSS Score: %0.53
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14134

    A Reflected XSS Vulnerability affects the forgotten password page of Maplesoft Maple T.A. 2016.0.6 (Customer Hosted) via the emailAddress parameter to passwordreset/PasswordReset.do, aka Open Bug Bounty ID OBB-286688.... Read more

    Affected Products : maple_t.a.
    • EPSS Score: %0.22
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-3194

    Pandora iOS app prior to version 8.3.2 fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.... Read more

    Affected Products : pandora
    • EPSS Score: %0.47
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-3191

    D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 are vulnerable to authentication bypass of the remote login page. A remote attacker that can access the remote management login page can manipulate the POST request in such a manner as... Read more

    • EPSS Score: %40.18
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-3190

    Flash Seats Mobile App for Android version 1.7.9 and earlier and for iOS version 1.9.51 and earlier fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks.... Read more

    Affected Products : flash_seats
    • EPSS Score: %0.10
    • Published: Dec. 16, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291625 Results