Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-17777

    Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter.... Read more

    Affected Products : paid_to_read_script
    • EPSS Score: %0.72
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-17763

    SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share feature, does not use HTTPS or any integrity-protection mechanism for file transfer, which makes it easier for remote attackers to send crafted files, as demonstrated by APK injection.... Read more

    Affected Products : superbeam
    • EPSS Score: %0.71
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-17761

    An issue was discovered on Ichano AtHome IP Camera devices. The device runs the "noodles" binary - a service on port 1300 that allows a remote (LAN) unauthenticated user to run arbitrary commands. This binary requires the "system" XML element for specifyi... Read more

    • EPSS Score: %4.52
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2013-6465

    Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web script or HTML via vectors related to task name html inputs.... Read more

    Affected Products : jbpm
    • EPSS Score: %0.16
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-17088

    The Enterprise version of SyncBreeze 10.2.12 and earlier is affected by a Remote Denial of Service vulnerability. The web server does not check bounds when reading server requests in the Host header on making a connection, resulting in a classic Buffer Ov... Read more

    Affected Products : syncbreeze
    • EPSS Score: %30.34
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-15049

    The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.... Read more

    Affected Products : zoom
    • EPSS Score: %28.86
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-17759

    Conarc iChannel allows remote attackers to obtain sensitive information, modify the configuration, or cause a denial of service (by deleting the configuration) via a wc.dll?wwMaint~EditConfig request (which reaches an older version of a West Wind Web Conn... Read more

    Affected Products : ichannel
    • EPSS Score: %12.55
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-17758

    TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/dhcps command to cgi-bin/luci, related to the zone_get_iface_bydev function in /usr/lib/lua/luci/c... Read more

    • EPSS Score: %1.28
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-17757

    TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the interface field of an admin/wportal command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/cont... Read more

    • EPSS Score: %1.28
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-17107

    Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded cat1029 password for the root user. The SONIX operating system's setup renders this password unchangeable and it can be used to access the device via a TELNET session.... Read more

    • EPSS Score: %3.76
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17730

    DedeCMS through 5.7 has SQL Injection via the logo parameter to plus/flink_add.php.... Read more

    Affected Products : dedecms
    • EPSS Score: %0.34
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-15876

    Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote authenticated users to upload any type of file, including a PHP shell.... Read more

    Affected Products : gpweb
    • EPSS Score: %1.08
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15875

    SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 allows remote attackers to execute arbitrary SQL commands via the "checkemail" parameter.... Read more

    Affected Products : gpweb
    • EPSS Score: %0.47
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2017-15524

    The Application Firewall Pack (AFP, aka Web Application Firewall) component on Kemp Load Balancer devices with software before 7.2.40.1 allows a Security Feature Bypass via an HTTP POST request.... Read more

    Affected Products : web_application_firewall
    • EPSS Score: %0.28
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-14583

    NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in SMB environments.... Read more

    Affected Products : clustered_data_ontap
    • EPSS Score: %0.30
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-12630

    In Apache Drill 1.11.0 and earlier when submitting form from Query page users are able to pass arbitrary script or HTML which will take effect on Profile page afterwards. Example: after submitting special script that returns cookie information from Query ... Read more

    Affected Products : drill
    • EPSS Score: %0.72
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17649

    Readymade Video Sharing Script 3.2 has HTML Injection via the single-video-detail.php comment parameter.... Read more

    Affected Products : readymade_video_sharing_script
    • EPSS Score: %1.26
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-17738

    The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) allows renaming and modifying files via /tools.html.... Read more

    Affected Products : 4k242_firmware 4k242
    • EPSS Score: %16.15
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17733

    Maccms 8.x allows remote command execution via the wd parameter in an index.php?m=vod-search request.... Read more

    Affected Products : maccms
    • EPSS Score: %40.05
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17727

    DedeCMS through 5.6 allows arbitrary file upload and PHP code execution by embedding the PHP code in a .jpg file, which is used in the templet parameter to member/article_edit.php.... Read more

    Affected Products : dedecms
    • EPSS Score: %0.66
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291722 Results