Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.5

    MEDIUM
    CVE-2017-2733

    Honor 6X smartphones with software versions earlier than BLN-AL10C00B357 and versions earlier than BLN-AL20C00B357 have an information leak vulnerability due to improper file permission configuration. An attacker tricks a user into installing a malicious ... Read more

    Affected Products : honor_6x_firmware honor_6x
    • EPSS Score: %0.09
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11401

    An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected... Read more

    • EPSS Score: %0.20
    • Published: Nov. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-18006

    netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447.... Read more

    Affected Products : portfolio_netpublish
    • EPSS Score: %0.24
    • Published: Jan. 01, 2018
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-10704

    Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.... Read more

    Affected Products : magento
    • EPSS Score: %0.10
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-14855

    Red Lion HMI panels allow remote attackers to cause a denial of service (software exception) via an HTTP POST request to a long URI that does not exist, as demonstrated by version HMI 2.41 PLC 2.42.... Read more

    Affected Products : hmi_panel_firmware hmi_panel
    • EPSS Score: %0.62
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12813

    PHPJabbers File Sharing Script 1.0 has stored XSS in the comments section.... Read more

    Affected Products : phpjabbers_file_sharing_script
    • EPSS Score: %0.24
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12811

    PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item.... Read more

    Affected Products : phpjabbers_star_rating_script
    • EPSS Score: %0.24
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-17991

    Biometric Shift Employee Management System has XSS via the expense_name parameter in an index.php?user=expenses request.... Read more

    • EPSS Score: %0.21
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-17984

    PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter.... Read more

    Affected Products : muslim_matrimonial_script
    • EPSS Score: %0.22
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-17981

    PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter.... Read more

    Affected Products : muslim_matrimonial_script
    • EPSS Score: %0.19
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2012-2576

    SQL injection vulnerability in the LoginServlet page in SolarWinds Storage Manager before 5.1.2, SolarWinds Storage Profiler before 5.1.2, and SolarWinds Backup Profiler before 5.1.2 allows remote attackers to execute arbitrary SQL commands via the loginN... Read more

    • EPSS Score: %42.86
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-17901

    ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of service (CPU consumption) via a flood of IP packets with a TTL of 1.... Read more

    Affected Products : p-660hw p-660hw_firmware
    • EPSS Score: %0.50
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-0120

    Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."... Read more

    Affected Products : hawtio jboss_fuse
    • EPSS Score: %0.14
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17974

    BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv 00002, and Script 02.*) and ISC2000 devices allows remote attackers to obtain sensitive information via a request for isc/get_sid_js.aspx or isc/get_sid.aspx, as demonstrated by obtai... Read more

    • EPSS Score: %0.46
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-17910

    On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet an... Read more

    • EPSS Score: %0.06
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17869

    The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.... Read more

    Affected Products : mgl-instagram-gallery
    • EPSS Score: %0.21
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17933

    cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.... Read more

    Affected Products : surgeftp
    • EPSS Score: %0.21
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2014-3651

    JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.... Read more

    Affected Products : keycloak build_of_keycloak
    • EPSS Score: %0.80
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17957

    PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • EPSS Score: %0.25
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6094

    CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algori... Read more

    Affected Products : gaps
    • EPSS Score: %0.44
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291531 Results