Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-17869

    The mgl-instagram-gallery plugin for WordPress has XSS via the single-gallery.php media parameter.... Read more

    Affected Products : mgl-instagram-gallery
    • EPSS Score: %0.21
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17933

    cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter.... Read more

    Affected Products : surgeftp
    • EPSS Score: %0.21
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2014-3651

    JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.... Read more

    Affected Products : keycloak build_of_keycloak
    • EPSS Score: %0.80
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17957

    PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the my_wishlist.php fid parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • EPSS Score: %0.25
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6094

    CPEs used by subscribers on the access network receive their individual configuration settings from a central GAPS instance. A CPE identifies itself by the MAC address of its WAN interface and a certain "chk" value (48bit) derived from the MAC. The algori... Read more

    Affected Products : gaps
    • EPSS Score: %0.44
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17954

    PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • EPSS Score: %0.24
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-15892

    Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter... Read more

    Affected Products : chat
    • EPSS Score: %0.19
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-15886

    Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.... Read more

    Affected Products : chat
    • EPSS Score: %0.18
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-17941

    PHP Scripts Mall Single Theater Booking has SQL Injection via the admin/movieview.php movieid parameter.... Read more

    Affected Products : single_theater_booking_script
    • EPSS Score: %0.23
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1262

    IBM Security Guardium 10.0 is vulnerable to HTTP response splitting attacks. A remote attacker could exploit this vulnerability using specially-crafted URL to cause the server to return a split response, once the URL is clicked. This would allow the attac... Read more

    Affected Products : security_guardium
    • EPSS Score: %0.32
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17939

    PHP Scripts Mall Single Theater Booking has CSRF via admin/sitesettings.php.... Read more

    Affected Products : single_theater_booking_script
    • EPSS Score: %0.11
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-17938

    PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter.... Read more

    Affected Products : single_theater_booking_script
    • EPSS Score: %0.22
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-10910

    MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may lead to an attacker causing a denial-of-service condition.... Read more

    Affected Products : mqtt.js
    • EPSS Score: %0.79
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-7889

    The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge... Read more

    Affected Products : android galaxy_s6_edge
    • EPSS Score: %2.45
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-7669

    Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include and execute arbitrary files via the csvfile parameter rela... Read more

    Affected Products : easy2map
    • EPSS Score: %3.62
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7667

    Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the pa... Read more

    Affected Products : resads
    • EPSS Score: %0.42
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7666

    Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers... Read more

    Affected Products : payment_form_for_paypal_pro
    • EPSS Score: %0.59
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7324

    Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new com... Read more

    Affected Products : komento
    • EPSS Score: %0.32
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-6237

    The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."... Read more

    Affected Products : ip360
    • EPSS Score: %0.77
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-16768

    Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.... Read more

    Affected Products : mailplus_server
    • EPSS Score: %0.18
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291659 Results