Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-17933

    cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.... Read more

    Affected Products : surgeftp
    • EPSS Score: %0.21
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17957

    PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • EPSS Score: %0.25
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6094

    CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algori... Read more

    Affected Products : gaps
    • EPSS Score: %0.44
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-17941

    PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.... Read more

    Affected Products : single_theater_booking_script
    • EPSS Score: %0.23
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1262

    IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attac... Read more

    Affected Products : security_guardium
    • EPSS Score: %0.32
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17939

    PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.... Read more

    Affected Products : single_theater_booking_script
    • EPSS Score: %0.11
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-17938

    PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.... Read more

    Affected Products : single_theater_booking_script
    • EPSS Score: %0.22
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-7669

    Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter rela... Read more

    Affected Products : easy2map
    • EPSS Score: %3.62
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7667

    Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the pa... Read more

    Affected Products : resads
    • EPSS Score: %0.42
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7666

    Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers... Read more

    Affected Products : payment_form_for_paypal_pro
    • EPSS Score: %0.59
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-16768

    Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.... Read more

    Affected Products : mailplus_server
    • EPSS Score: %0.18
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-13056

    The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.... Read more

    Affected Products : pdf-xchange_viewer
    • EPSS Score: %1.69
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17930

    PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.... Read more

    Affected Products : professional_service_script
    • EPSS Score: %0.13
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-1356

    IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID... Read more

    • EPSS Score: %0.57
    • Published: Dec. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-17925

    PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.... Read more

    Affected Products : professional_service_script
    • EPSS Score: %0.24
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17896

    Readymade Job Site Script has XSS via the keyword parameter to the /job URI.... Read more

    Affected Products : basic_job_site_script
    • EPSS Score: %0.24
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17892

    Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.... Read more

    Affected Products : readymade_video_sharing_script
    • EPSS Score: %0.25
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17891

    Readymade Video Sharing Script has CSRF via user-profile-edit.php.... Read more

    Affected Products : readymade_video_sharing_script
    • EPSS Score: %0.13
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-17010

    Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : content_manager_assistant
    • EPSS Score: %0.17
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-16897

    A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sig... Read more

    Affected Products : passport-wsfed-saml2
    • EPSS Score: %0.42
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292725 Results