Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-9555

    Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter.... Read more

    Affected Products : photo_station
    • EPSS Score: %0.23
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-9571

    The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : ccb_mobile_banking
    • EPSS Score: %0.12
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-9497

    The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics menu on the set-top box, and then posting to a Web Insp... Read more

    • EPSS Score: %0.13
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9492

    The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco D... Read more

    • EPSS Score: %0.34
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9437

    Openbravo Business Suite 3.0 is affected by SQL injection. This vulnerability could allow remote authenticated attackers to inject arbitrary SQL code.... Read more

    Affected Products : openbravo_erp
    • EPSS Score: %0.35
    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9427

    SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core\admin\modules\developer\modules\designer\form-create.php. The attacker creates a crafted table name at admin/developer/m... Read more

    Affected Products : bigtree_cms
    • EPSS Score: %0.35
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9415

    Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.... Read more

    Affected Products : subsonic
    • EPSS Score: %0.83
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9416

    Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by the Odoo service.... Read more

    Affected Products : odoo
    • EPSS Score: %50.42
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9289

    Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in note-source\ui\editor.php (edit parameter).... Read more

    Affected Products : note
    • EPSS Score: %0.24
    • Published: May. 29, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-2720

    FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered... Read more

    Affected Products : fusionsphere_openstack
    • EPSS Score: %0.10
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-2700

    AC6005 with software V200R006C10, AC6605 with software V200R006C10 have a DoS Vulnerability. An attacker can send malformed packets to the device, which causes the device memory leaks, leading to DoS attacks.... Read more

    • EPSS Score: %0.22
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-2691

    Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier before EVA-CL00C92B373, versions earlier before EVA-DL00C17B373, versions earlier before EVA-TL00C01B373 have a lock-screen bypass vulnerability. An unauthenticated attacker could force t... Read more

    Affected Products : p9_firmware p9
    • EPSS Score: %0.04
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.3

    HIGH
    CVE-2017-9046

    winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a m... Read more

    Affected Products : pegasus
    • EPSS Score: %0.11
    • Published: May. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8788

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is a CRLF vulnerability in settings_global_text_edit.php allowing ?display=x%0Dnewline attacks.... Read more

    Affected Products : file_transfer_appliance
    • EPSS Score: %0.24
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-8218

    vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password.... Read more

    Affected Products : c2_firmware c20i_firmware c2 c20i
    • EPSS Score: %0.90
    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8017

    EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and 9.4.2.x is affected by a reflected cross-site scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.... Read more

    • EPSS Score: %0.28
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2268

    Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : filecapsule_deluxe_portable
    • EPSS Score: %0.14
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2266

    Untrusted search path vulnerability in Encrypted files in self-decryption format created by FileCapsule Deluxe Portable Ver.1.0.4.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : filecapsule_deluxe_portable
    • EPSS Score: %0.14
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2242

    Untrusted search path vulnerability in Flets Setsuzoku Tool for Windows all versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : flets_setsuzoku_tool
    • EPSS Score: %0.14
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8271

    Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter.... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: Aug. 11, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291570 Results