Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-12710

    A SQL Injection issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. By submitting a specially crafted parameter, it is possible to inject arbitrary SQL statements that could allow an attacker to obtain sensitive information.... Read more

    Affected Products : webaccess
    • EPSS Score: %0.50
    • Published: Aug. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15285

    X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor ac... Read more

    Affected Products : x-cart
    • EPSS Score: %2.08
    • Published: Oct. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0770

    A elevation of privilege vulnerability in the Android media framework (libmediaplayerservice). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38234812.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Sep. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-6106

    Cross-site request forgery (CSRF) vulnerability in IBM Security Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack the authentication of users for requests that can cause cross-site scripting attacks, web cache poisoning, or other unspec... Read more

    Affected Products : security_identity_manager
    • EPSS Score: %0.11
    • Published: Sep. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14689

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at STDUDjV... Read more

    Affected Products : stdu_viewer
    • EPSS Score: %0.05
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7973

    A SQL injection vulnerability exists in Schneider Electric's U.motion Builder software versions 1.2.1 and prior in which an unauthenticated user can use calls to various paths allowing performance of arbitrary SQL commands against the underlying database.... Read more

    Affected Products : u.motion_builder
    • EPSS Score: %0.34
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14738

    FileRun (version 2017.09.18 and below) suffers from a remote SQL injection vulnerability due to a failure to sanitize input in the metafield parameter inside the metasearch module (under the search function).... Read more

    Affected Products : filerun
    • EPSS Score: %6.27
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-12439

    SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML configuration file. This has resultant content forgery, c... Read more

    Affected Products : flash_slideshow_maker
    • EPSS Score: %0.17
    • Published: Aug. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12364

    A SQL Injection vulnerability in the web framework of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to execute unauthorized Structured Query Language (SQL) queries. The vulnerability is due to a failure to validate user-suppl... Read more

    Affected Products : prime_service_catalog
    • EPSS Score: %0.32
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2017-12361

    A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, local attacker to access sensitive communications made by the Jabber client. An attacker could exploit this vulnerability to gain information to conduct additional attacks. The vu... Read more

    Affected Products : jabber
    • EPSS Score: %0.07
    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17635

    MLM Forex Market Plan Script 2.0.4 has SQL Injection via the news_detail.php newid parameter or the event_detail.php eventid parameter.... Read more

    Affected Products : mlm_forex_market_plan_script
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.0

    MEDIUM
    CVE-2017-12315

    A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to... Read more

    Affected Products : hyperflex_hx_data_platform
    • EPSS Score: %0.06
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17626

    Readymade PHP Classified Script 3.3 has SQL Injection via the /categories subctid or mctid parameter.... Read more

    Affected Products : readymade_php_classified_script
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17628

    Responsive Realestate Script 3.2 has SQL Injection via the property-list tbud parameter.... Read more

    Affected Products : responsive_realestate_script
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-8332

    Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted me... Read more

    • EPSS Score: %0.24
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12216

    A vulnerability in the web-based user interface of Cisco SocialMiner could allow an unauthenticated, remote attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of XML External ... Read more

    Affected Products : socialminer
    • EPSS Score: %1.57
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-12476

    The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in Bento4 mp4dump before 1.5.0-616 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.... Read more

    Affected Products : bento4
    • EPSS Score: %0.26
    • Published: Sep. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2017-8805

    Debian ftpsync before 20171017 does not use the rsync --safe-links option, which allows remote attackers to conduct directory traversal attacks via a crafted upstream mirror.... Read more

    Affected Products : ftpsync
    • EPSS Score: %0.30
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-8280

    In all Qualcomm products with Android releases from CAF using the Linux kernel, during the wlan calibration data store and retrieve operation, there are some potential race conditions which lead to a memory leak and a buffer overflow during the context sw... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7570

    PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension (such as .jpg) and then invoking the duplicate function to change to the .php extension.... Read more

    Affected Products : pivotx
    • EPSS Score: %0.83
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291275 Results