Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2017-15195

    In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.... Read more

    Affected Products : kanboard
    • EPSS Score: %0.49
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-14985

    Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php.... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %0.15
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-3639

    phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file.... Read more

    Affected Products : phpmybackuppro
    • EPSS Score: %1.37
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-3617

    Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.... Read more

    Affected Products : fortimanager_firmware
    • EPSS Score: %0.16
    • Published: Aug. 22, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-1481

    IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.18
    • Published: Dec. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-3421

    The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure atta... Read more

    Affected Products : eshop
    • EPSS Score: %0.17
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-14705

    DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication paramete... Read more

    Affected Products : i-suite web_application_firewall
    • EPSS Score: %4.64
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14563

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to a "Read Access Violation on Block Data Move starting at STDUXPSFile!DllUnregisterServer+0x0000000000005311."... Read more

    Affected Products : stdu_viewer
    • EPSS Score: %0.06
    • Published: Sep. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-1458

    IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377.... Read more

    Affected Products : qradar_network_security
    • EPSS Score: %0.66
    • Published: Sep. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-4988

    EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is affected by a privilege escalation vulnerability that could potentially be exploited by attackers to compromise the affected system.... Read more

    Affected Products : isilon_onefs isilon_onefs
    • EPSS Score: %0.50
    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-4985

    In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This... Read more

    Affected Products : vnx2_firmware vnx1_firmware vnx2 vnx1
    • EPSS Score: %0.04
    • Published: Jun. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-7842

    Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier and 3.2.0.4 and earlier allows remote attackers to read arbitrary files via specially crafted ATC file.... Read more

    Affected Products : attachecase
    • EPSS Score: %6.87
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 3.9

    LOW
    CVE-2017-5685

    The BIOS in Intel NUC systems based on 6th Gen Intel Core processors prior to version KY0045 may allow may allow an attacker with physical access to the system to gain access to personal information.... Read more

    Affected Products : nuc6i7kyk_bios nuc6i7kyk
    • EPSS Score: %0.06
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5683

    Privilege escalation in IntelHAXM.sys driver in the Intel Hardware Accelerated Execution Manager before version 6.0.6 allows a local user to gain system level access.... Read more

    • EPSS Score: %0.04
    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5671

    Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 industrial printers before 10.11.013310 and 10.12.x before 10.12.013309 have /usr/bin/lua installed setuid to the itadmin account, which allows local users to conduct a BusyBox jailbreak atta... Read more

    • EPSS Score: %0.51
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5654

    In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.... Read more

    Affected Products : ambari
    • EPSS Score: %0.91
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-3833

    A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More Information: CSC... Read more

    Affected Products : unified_communications_manager
    • EPSS Score: %0.27
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5586

    OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the BeanShell (bsh) and Apache Commons Collections (ACC) libraries.... Read more

    Affected Products : documentum_d2
    • EPSS Score: %37.25
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5571

    Open redirect vulnerability in the lmadmin component in Flexera FlexNet Publisher (aka Flex License Manager) 11.14.1 and earlier, as used in Citrix License Server for Windows and the Citrix License Server VPX, allows remote attackers to redirect users to ... Read more

    Affected Products : flexnet_publisher
    • EPSS Score: %0.59
    • Published: Mar. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-5534

    The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterpris... Read more

    Affected Products : tibbr
    • EPSS Score: %0.46
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291368 Results