Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2017-5911

    The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : supermovil
    • EPSS Score: %0.12
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-5867

    ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to cause a denial of service (server hang and logfile flooding) via a one bit BMP file.... Read more

    Affected Products : owncloud
    • EPSS Score: %0.60
    • Published: Mar. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-16961

    A SQL injection vulnerability in core/inc/auto-modules.php in BigTree CMS through 4.2.19 allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data from the database. The attack uses an ... Read more

    Affected Products : bigtree_cms
    • EPSS Score: %0.17
    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-16902

    On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.... Read more

    Affected Products : vdv-23_firmware vdv-23
    • EPSS Score: %18.29
    • Published: Nov. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-5688

    There is an escalation of privilege vulnerability in the Intel Solid State Drive Toolbox versions before 3.4.5 which allow a local administrative attacker to load and execute arbitrary code.... Read more

    Affected Products : solid_state_drive_toolbox
    • EPSS Score: %0.07
    • Published: May. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5681

    The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.... Read more

    Affected Products : quickassist_technology_engine
    • EPSS Score: %0.30
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-16881

    b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor/ArticleProcessor.java, processor/UserProcessor.java, se... Read more

    Affected Products : symphony
    • EPSS Score: %0.24
    • Published: Nov. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-16870

    The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that this does not cross a privilege boundary... Read more

    Affected Products : updraftplus
    • EPSS Score: %0.38
    • Published: Nov. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16801

    Cross-site scripting (XSS) vulnerability in Octopus Deploy 3.7.0-3.17.13 (fixed in 3.17.14) allows remote authenticated users to inject arbitrary web script or HTML via the Step Template Name parameter.... Read more

    Affected Products : octopus_deploy
    • EPSS Score: %0.15
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1678

    IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl... Read more

    Affected Products : rational_doors_next_generation
    • EPSS Score: %0.27
    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-16615

    An exploitable vulnerability exists in the YAML parsing functionality in the parse_yaml_query method in parser.py in MLAlchemy before 0.2.2. When processing YAML-Based queries for data, a YAML parser can execute arbitrary Python commands resulting in comm... Read more

    Affected Products : mlalchemy
    • EPSS Score: %0.90
    • Published: Nov. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-16659

    The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.... Read more

    Affected Products : anti-spam_smtp_proxy
    • EPSS Score: %0.11
    • Published: Nov. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-16759

    The installation process in LibreNMS before 2017-08-18 allows remote attackers to read arbitrary files, related to html/install.php.... Read more

    Affected Products : librenms
    • EPSS Score: %0.01
    • Published: Nov. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-16723

    A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL COMSERVER BASIC 232/422/485, FL COMSERVER UNI 232/422/485, FL COMSERVER BAS 232/422/485-T, FL COMSERVER UNI 232/422/485-T, FL COM SERVER RS232, FL COM SERVER RS485, and PSI-MODEM/ETH (runni... Read more

    • EPSS Score: %0.42
    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5543

    includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.... Read more

    Affected Products : subrion
    • EPSS Score: %1.76
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-16711

    The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c in SWFTools 0.9.2 mishandles an uncompress failure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) because of extractDefini... Read more

    Affected Products : swftools
    • EPSS Score: %0.44
    • Published: Nov. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-5480

    Directory traversal vulnerability in inc/files/files.ctrl.php in b2evolution through 6.8.3 allows remote authenticated users to read or delete arbitrary files by leveraging back-office access to provide a .. (dot dot) in the fm_selected array parameter.... Read more

    Affected Products : b2evolution
    • EPSS Score: %0.32
    • Published: Jan. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-5228

    All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 contain a directory traversal vulnerability in the Meterpreter stdapi Dir.download() function. By using a specially-crafted build of Meterpreter, it is possible to write to an arbitrary ... Read more

    Affected Products : metasploit
    • EPSS Score: %0.30
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.3

    HIGH
    CVE-2017-4987

    In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user can load a maliciously crafted file in the search path which may potentially allow the attacker to execute arbitrary code on th... Read more

    Affected Products : vnx2_firmware vnx1_firmware vnx2 vnx1
    • EPSS Score: %0.07
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-1613

    IBM Connections 6.0 could allow an unauthenticated remote attacker to gain unauthenticated or unauthorized access to non-sensitive Engagement Center template data. IBM X-Force ID: 132954.... Read more

    Affected Products : connections
    • EPSS Score: %0.32
    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291389 Results