Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.6

    HIGH
    CVE-2017-12293

    A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient limitations on the number of connections that can be made to the affected... Read more

    Affected Products : webex_meetings_server
    • EPSS Score: %1.65
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-12269

    A vulnerability in the web UI of Cisco Spark Messaging Software could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. The vulnerability is due to insufficient input validation by the web UI of the affected so... Read more

    Affected Products : spark
    • EPSS Score: %0.36
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-7888

    Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a... Read more

    • EPSS Score: %13.88
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.6

    MEDIUM
    CVE-2015-7846

    Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information.... Read more

    • EPSS Score: %0.03
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2017-12249

    A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to components of or sensitive information in an affected s... Read more

    Affected Products : meeting_server
    • EPSS Score: %1.22
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-7847

    Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target... Read more

    Affected Products : e3272s_firmware e3272s
    • EPSS Score: %0.02
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-7780

    Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0.... Read more

    Affected Products : manageengine_firewall_analyzer
    • EPSS Score: %36.22
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1208

    IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wi... Read more

    • EPSS Score: %0.27
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12068

    The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action.... Read more

    Affected Products : event_list
    • EPSS Score: %0.21
    • Published: Aug. 01, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-1193

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to obtain sensitive information using an HTTP GET request. IBM X-Force ID: 123667.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.28
    • Published: Jun. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11631

    dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL injection via the id parameter.... Read more

    Affected Products : fiyo_cms
    • EPSS Score: %0.23
    • Published: Jul. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-1183

    IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-Force ID: 123494.... Read more

    Affected Products : tivoli_monitoring
    • EPSS Score: %0.91
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-11797

    ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2... Read more

    Affected Products : chakracore
    • EPSS Score: %26.10
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11741

    HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.... Read more

    Affected Products : vagrant_vmware_fusion
    • EPSS Score: %0.31
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11682

    Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) version, (2) url, or (3) rootdir parameter in hashcat.php.... Read more

    Affected Products : hashtopolis
    • EPSS Score: %0.22
    • Published: Jul. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-11667

    OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session expiry, which allows remote attackers to perform APIv3 requests indefinitely by leveraging a hijacked session.... Read more

    Affected Products : openproject
    • EPSS Score: %0.82
    • Published: Jul. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11630

    dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a different vulnerability than CVE-2017-8853.... Read more

    Affected Products : fiyo_cms
    • EPSS Score: %0.78
    • Published: Jul. 26, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-11615

    A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library.... Read more

    Affected Products : factorio
    • EPSS Score: %0.20
    • Published: Jul. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-11594

    Cross-site scripting (XSS) vulnerability in the Markdown parser in Loomio before 1.8.0 allows remote attackers to inject arbitrary web script or HTML via non-sanitized Markdown content in a new thread or a thread comment.... Read more

    Affected Products : loomio
    • EPSS Score: %0.23
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-0783

    The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.... Read more

    Affected Products : zenworks_configuration_management
    • EPSS Score: %1.26
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291401 Results