Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2017-5346

    SQL injection vulnerability in inc/lib/Control/Backend/posts.control.php in GeniXCMS 0.0.8 allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter to gxadmin/index.php.... Read more

    Affected Products : genixcms genixcms
    • EPSS Score: %1.08
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5264

    Versions of Nexpose prior to 6.4.66 fail to adequately validate the source of HTTP requests intended for the Automated Actions administrative web application, and are susceptible to a cross-site request forgery (CSRF) attack.... Read more

    Affected Products : nexpose
    • EPSS Score: %0.34
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-5247

    Biscom Secure File Transfer is vulnerable to cross-site scripting in the File Name field. An authenticated user with permissions to upload or send files can populate this field with a filename that contains standard HTML scripting tags. The resulting scri... Read more

    Affected Products : secure_file_transfer
    • EPSS Score: %0.22
    • Published: Jul. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5168

    An issue was discovered in Hanwha Techwin Smart Security Manager Versions 1.5 and prior. Multiple Path Traversal vulnerabilities have been identified. The flaws exist within the ActiveMQ Broker service that is installed as part of the product. By issuing ... Read more

    Affected Products : smart_security_manager
    • EPSS Score: %4.32
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-5217

    Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install sess... Read more

    Affected Products : samsung_mobile
    • EPSS Score: %0.15
    • Published: Jan. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5191

    An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 and 4.3 exists because Access Gateway Error pages do not validate the HTTP Referer header.... Read more

    Affected Products : access_manager
    • EPSS Score: %0.24
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12981

    NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via the sort parameter in an addforum action.... Read more

    Affected Products : nexusphp
    • EPSS Score: %0.25
    • Published: Aug. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-12977

    The Web-Dorado "Photo Gallery by WD - Responsive Photo Gallery" plugin before 1.3.51 for WordPress has a SQL injection vulnerability related to bwg_edit_tag() in photo-gallery.php and edit_tag() in admin/controllers/BWGControllerTags_bwg.php. It is exploi... Read more

    Affected Products : photo_gallery
    • EPSS Score: %0.51
    • Published: Aug. 21, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-5178

    An issue was discovered in Schneider Electric Tableau Server/Desktop Versions 7.0 to 10.1.3 in Wonderware Intelligence Versions 2014R3 and prior. These versions contain a system account that is installed by default. The default system account is difficult... Read more

    • EPSS Score: %2.54
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5158

    An Information Exposure issue was discovered in Schneider Electric Wonderware InTouch Access Anywhere, version 11.5.2 and prior. Credentials may be exposed to external systems via specific URL parameters, as arbitrary destination addresses may be specifie... Read more

    • EPSS Score: %1.02
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-3796

    A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts. More Information: CSCuz03353. Known Affected Releases: 2.6.... Read more

    Affected Products : webex_meetings_server
    • EPSS Score: %0.93
    • Published: Jan. 26, 2017
    • Modified: Apr. 20, 2025

  • 8.9

    HIGH
    CVE-2017-5149

    An issue was discovered in St. Jude Medical Merlin@home, versions prior to Version 8.2.2 (RF models: EX1150; Inductive models: EX1100; and Inductive models: EX1100 with MerlinOnDemand capability). The identities of the endpoints for the communication chan... Read more

    • EPSS Score: %0.32
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5155

    An issue was discovered in Schneider Electric Wonderware Historian 2014 R2 SP1 P01 and earlier. Wonderware Historian creates logins with default passwords, which can allow a malicious entity to compromise Historian databases. In some installation scenario... Read more

    Affected Products : wonderware_historian
    • EPSS Score: %0.64
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-5143

    An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. A user without authenticating can make a directory traversal attack by accessing a specific URL.... Read more

    • EPSS Score: %3.16
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-4991

    An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release... Read more

    • EPSS Score: %0.28
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-4984

    In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, an unauthenticated remote attacker may be able to elevate their permissions to root through a command injection. This may potentially be exploited by an a... Read more

    Affected Products : vnx2_firmware vnx1_firmware vnx2 vnx1
    • EPSS Score: %3.51
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-5165

    An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. There is no CSRF Token generated per page and/or per (sensitive) function. Successful exploitation of this vulnerability can allow silent execution of unauthorized a... Read more

    • EPSS Score: %0.08
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-5162

    An issue was discovered in BINOM3 Universal Multifunctional Electric Power Quality Meter. Lack of authentication for remote service gives access to application set up and configuration.... Read more

    • EPSS Score: %60.06
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6914

    Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.... Read more

    Affected Products : windows unifi_video
    • EPSS Score: %0.14
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2016-10290

    An elevation of privilege vulnerability in the Qualcomm shared memory driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privil... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.17
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291293 Results