Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2017-8018

    EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system....

    Affected Products : appsync windows
    • EPSS Score: %0.59
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-7991

    Exponent CMS 2.4.1 and earlier has SQL injection via a base64 serialized API key (apikey parameter) in the api function of framework/modules/eaas/controllers/eaasController.php....

    Affected Products : exponent_cms
    • EPSS Score: %1.35
    • Published: Apr. 22, 2017
    • Modified: Apr. 20, 2025
  • 7.4

    HIGH
    CVE-2017-7930

    An Improper Authentication issue was discovered in OSIsoft PI Server 2017 PI Data Archive versions prior to 2017. PI Data Archive has protocol flaws with the potential to expose change records in the clear and allow a malicious party to spoof a server wit...

    Affected Products : pi_data_archive
    • EPSS Score: %0.22
    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-7881

    BigTree CMS through 4.2.17 relies on a substring check for CSRF protection, which allows remote attackers to bypass this check by placing the required admin/developer/ URI within a query string in an HTTP Referer header. This was found in core/admin/modul...

    Affected Products : bigtree_cms
    • EPSS Score: %0.04
    • Published: Apr. 15, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-7684

    Apache OpenMeetings 1.0.0 doesn't check contents of files being uploaded. An attacker can cause a denial of service by uploading multiple large files to the server....

    Affected Products : openmeetings
    • EPSS Score: %1.50
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025
  • 8.0

    HIGH
    CVE-2017-7571

    public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is obtaining admin privileges....

    Affected Products : faveo_helpdesk
    • EPSS Score: %0.29
    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-7564

    In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers....

    • EPSS Score: %0.46
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-7455

    Moxa MXView 2.8 allows remote attackers to read web server's private key file, no access control....

    Affected Products : mxview
    • EPSS Score: %39.99
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-7446

    HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges....

    Affected Products : helpdezk
    • EPSS Score: %0.27
    • Published: Apr. 05, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2017-7444

    In Veritas System Recovery before 16 SP1, there is a DLL hijacking vulnerability in the patch installer if an attacker has write access to the directory from which the product is executed....

    Affected Products : system_recovery
    • EPSS Score: %0.12
    • Published: Apr. 05, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-7410

    Multiple SQL injection vulnerabilities in account/signup.php and account/signup2.php in WebsiteBaker 2.10.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username, (2) display_name parameter....

    Affected Products : websitebaker
    • EPSS Score: %1.69
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-7364

    In all Qualcomm products with Android releases from CAF using the Linux kernel, in function __mdss_fb_copy_destscaler_data(), variable ds_data[i].scale may still point to a user-provided address (which could point to arbitrary kernel address), so on an er...

    Affected Products : android
    • EPSS Score: %0.15
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-7335

    A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x (6.1-2, 6.1-4 and 6.1-5); 7.0-x (7.0-7, 7.0-8, 7.0-9, 7.0-10); and 8.x (8.0, 8.1, 8.2 and 8.3.0-8.3.2) allows an authenticated user to inject arbitrary web script or HTML via non-saniti...

    Affected Products : fortiwlc
    • EPSS Score: %0.25
    • Published: Oct. 26, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-7321

    setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier allows remote attackers to execute arbitrary PHP code via the config_key parameter to the setup/index.php?action=welcome URI....

    Affected Products : modx_revolution
    • EPSS Score: %2.18
    • Published: Mar. 30, 2017
    • Modified: Apr. 20, 2025
  • 9.0

    HIGH
    CVE-2017-7283

    An authenticated user of Unitrends Enterprise Backup before 9.1.2 can execute arbitrary OS commands by sending a specially crafted filename to the /api/restore/download-files endpoint, related to the downloadFiles function in api/includes/restore.php....

    Affected Products : enterprise_backup
    • EPSS Score: %16.60
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-7257

    XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_content parameter. Someone must login to conduct the attack....

    Affected Products : cms_made_simple
    • EPSS Score: %0.21
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-17475

    TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82736068....

    Affected Products : vir.it_explorer
    • EPSS Score: %0.03
    • Published: Dec. 08, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-2863

    An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger th...

    Affected Products : infix
    • EPSS Score: %0.25
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-17467

    TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730074....

    Affected Products : vir.it_explorer
    • EPSS Score: %0.03
    • Published: Dec. 08, 2017
    • Modified: Apr. 20, 2025
  • 4.3

    MEDIUM
    CVE-2017-6916

    CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to the admin/settings/update/ page. The Navigation Social can be changed....

    Affected Products : bigtree_cms
    • EPSS Score: %0.12
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025