Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-14274

    XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at jbig2dec+0x0000000000008706."... Read more

    Affected Products : xnview windows
    • EPSS Score: %0.06
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14273

    XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlInterlockedPopEntrySList+0x00000000000003b0."... Read more

    Affected Products : xnview windows
    • EPSS Score: %0.06
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14252

    SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the group_id cookie to side.php.... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %0.25
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14247

    SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5.1-0 via the user_id cookie to header.php, a related issue to CVE-2017-1000060.... Read more

    Affected Products : eyesofnetwork eonweb
    • EPSS Score: %0.25
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14195

    The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer.... Read more

    Affected Products : finecms
    • EPSS Score: %0.24
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14163

    An issue was discovered in Mahara before 15.04.14, 16.x before 16.04.8, 16.10.x before 16.10.5, and 17.x before 17.04.3. When one closes the browser without logging out of Mahara, the value in the usr_session table is not removed. If someone were to open ... Read more

    Affected Products : mahara
    • EPSS Score: %0.22
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-14123

    Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File Upload vulnerability in the "Group Chat" section. Any user can upload files with any extensions. By uploading a PHP file to the server, an attacker can cause it to execute in the server co... Read more

    Affected Products : manageengine_firewall_analyzer
    • EPSS Score: %4.42
    • Published: Sep. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14069

    SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw array parameter to nowarn.php.... Read more

    Affected Products : nexusphp
    • EPSS Score: %0.25
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14035

    CrushFTP 8.x before 8.2.0 has a serialization vulnerability.... Read more

    Affected Products : crushftp
    • EPSS Score: %0.53
    • Published: Aug. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-14001

    An Improper Neutralization of Special Elements used in an OS Command issue was discovered in Digium Asterisk GUI 2.1.0 and prior. An OS command injection vulnerability has been identified that may allow the execution of arbitrary code on the system throug... Read more

    Affected Products : asterisk_gui
    • EPSS Score: %1.65
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-13779

    GSTN_offline_tool in India Goods and Services Tax Network (GSTN) Offline Utility tool before 1.2 executes winstart-server.vbs from the "C:\GST Offline Tool" directory, which has insecure permissions. This allows local users to gain privileges by replacing... Read more

    • EPSS Score: %0.38
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-13724

    On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site Scripting vulnerability in the APN parameter under the "Basic Settings" page.... Read more

    Affected Products : mu553s_firmware mu553s
    • EPSS Score: %0.21
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1372

    IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu... Read more

    Affected Products : tririga_application_platform
    • EPSS Score: %0.20
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2017-1370

    IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863.... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.26
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-13697

    controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.... Read more

    Affected Products : finecms
    • EPSS Score: %0.33
    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2015-2263

    Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x before 5.2.5, and 5.3.x before 5.3.3 uses global read permissions for files in its configuration directory when starting YARN NodeManager, which allows local users to obtain sensitive inf... Read more

    Affected Products : cloudera_manager
    • EPSS Score: %0.04
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1338

    IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl... Read more

    • EPSS Score: %0.27
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2015-9020

    In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2015-9007

    In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2015-8996

    In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291401 Results