Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-17593

    Simple Chatting System 1.0 allows Arbitrary File Upload via view/my_profile.php, which places files under uploads/.... Read more

    Affected Products : simple_chatting_system
    • EPSS Score: %16.21
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17592

    Website Auction Marketplace 2.0.5 has SQL Injection via the search.php cat_id parameter.... Read more

    Affected Products : website_auction_marketplace
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.3

    MEDIUM
    CVE-2017-9493

    The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks (between an RF4CE remote and a set-top box) by repeatedly transmitting the same pairing code... Read more

    • EPSS Score: %0.20
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9444

    BigTree CMS through 4.2.18 has CSRF related to the core\admin\modules\users\profile\update.php script (modify user information), the index.php/admin/developer/packages/delete/ URI (remove packages), the index.php/admin/developer/upgrade/ignore/?versions= ... Read more

    Affected Products : bigtree_cms
    • EPSS Score: %0.11
    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17574

    FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or jobFrequency parameter.... Read more

    Affected Products : care_clone
    • EPSS Score: %2.38
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17573

    FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, or the search.php category_id or sub_category_id parameter.... Read more

    Affected Products : ebay_clone
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9363

    Untrusted Java serialization in Soffid IAM console before 1.7.5 allows remote attackers to achieve arbitrary remote code execution via a crafted authentication request.... Read more

    Affected Products : iam
    • EPSS Score: %5.47
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2017-9355

    XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.... Read more

    Affected Products : subsonic
    • EPSS Score: %15.88
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-9339

    A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.... Read more

    Affected Products : owncloud
    • EPSS Score: %0.36
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9332

    The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.... Read more

    Affected Products : pivotx
    • EPSS Score: %0.24
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-1757

    IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 135858.... Read more

    Affected Products : security_guardium
    • EPSS Score: %1.08
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9272

    The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be susceptible to a denial of service attack.... Read more

    • EPSS Score: %0.33
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9080

    PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.... Read more

    Affected Products : playsms
    • EPSS Score: %73.45
    • Published: May. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-8879

    Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the current password, which makes it easier for physically proximate attackers to obtain access via an unattended workstation.... Read more

    Affected Products : dolibarr_erp\/crm
    • EPSS Score: %0.12
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8876

    Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content.blueprintssections.php.... Read more

    Affected Products : symphony symphony_cms
    • EPSS Score: %0.22
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8863

    Information disclosure of .esp source code on the Cohu 3960 allows an attacker to view sensitive information such as application logic with a simple web browser.... Read more

    Affected Products : 3960hd_firmware 3960hd
    • EPSS Score: %0.30
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-8780

    GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during a publish operation by an administrator, as demonstrated by a malformed P element.... Read more

    Affected Products : genixcms genixcms
    • EPSS Score: %0.22
    • Published: May. 04, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-8371

    Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses cleartext RAM storage for passwords, which might allow remote attackers to obtain sensitive information via unspecified vectors.... Read more

    Affected Products : struxureware_data_center_expert
    • EPSS Score: %0.18
    • Published: Apr. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8297

    A path traversal vulnerability exists in simple-file-manager before 2017-04-26, affecting index.php (the sole "Simple PHP File Manager" component).... Read more

    Affected Products : simple-file-manager
    • EPSS Score: %1.50
    • Published: Apr. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8279

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while upda... Read more

    Affected Products : android
    • EPSS Score: %0.09
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291316 Results