Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-1262

    IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attac... Read more

    Affected Products : security_guardium
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17939

    PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.... Read more

    Affected Products : single_theater_booking_script
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-17938

    PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.... Read more

    Affected Products : single_theater_booking_script
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-7669

    Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter rela... Read more

    Affected Products : easy2map
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7667

    Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the pa... Read more

    Affected Products : resads
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7666

    Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers... Read more

    Affected Products : payment_form_for_paypal_pro
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-16768

    Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.... Read more

    Affected Products : mailplus_server
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-13056

    The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.... Read more

    Affected Products : pdf-xchange_viewer
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17930

    PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.... Read more

    Affected Products : professional_service_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-1356

    IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID... Read more

    • Published: Dec. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-17925

    PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.... Read more

    Affected Products : professional_service_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17896

    Readymade Job Site Script has XSS via the keyword parameter to the /job URI.... Read more

    Affected Products : basic_job_site_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17892

    Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.... Read more

    Affected Products : readymade_video_sharing_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17891

    Readymade Video Sharing Script has CSRF via user-profile-edit.php.... Read more

    Affected Products : readymade_video_sharing_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-17010

    Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : content_manager_assistant
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-16897

    A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 library affecting versions < 3.0.5. This vulnerability allows an attacker to impersonate another user and potentially elevate their privileges if the SAML identity provider does not sig... Read more

    Affected Products : passport-wsfed-saml2
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1365

    IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle Management 4.0, 5.0., and 6.0) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function... Read more

    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15320

    RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to... Read more

    • Published: Dec. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5261

    In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, the 'ping' and 'traceroute' functions of the web administrative console expose a file path traversal vulnerability, accessible to all authenticated users.... Read more

    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 2.3

    LOW
    CVE-2017-15307

    Huawei Honor 8 smartphone with software versions earlier than FRD-L04C567B389 and earlier than FRD-L14C567B389 have a permission control vulnerability due to improper authorization configuration on specific device information.... Read more

    Affected Products : honor_8_firmware honor_8
    • Published: Dec. 22, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292907 Results