Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.5

    MEDIUM
    CVE-2017-15610

    An issue was discovered in Octopus before 3.17.7. When the special Guest user account is granted the CertificateExportPrivateKey permission, and Guest Access is enabled for the Octopus Server, an attacker can sign in as the Guest account and export Certif... Read more

    Affected Products : octopus_deploy
    • EPSS Score: %0.14
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-15609

    Octopus before 3.17.7 allows attackers to obtain sensitive cleartext information by reading a variable JSON file in certain situations involving Offline Drop Targets.... Read more

    Affected Products : octopus_deploy
    • EPSS Score: %0.12
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-9459

    Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The ... Read more

    Affected Products : owncloud nextcloud_server
    • EPSS Score: %0.49
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-15538

    Stored XSS vulnerability in the Media Objects component of ILIAS before 5.1.21 and 5.2.x before 5.2.9 allows an authenticated user to inject JavaScript to gain administrator privileges, related to the setParameter function in Services/MediaObjects/classes... Read more

    Affected Products : ilias
    • EPSS Score: %0.43
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-5248

    Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform.... Read more

    • EPSS Score: %0.21
    • Published: Sep. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.6

    MEDIUM
    CVE-2017-8769

    Facebook WhatsApp Messenger before 2.16.323 for Android uses the SD card for cleartext storage of files (Audio, Documents, Images, Video, and Voice Notes) associated with a chat, even after that chat is deleted. There may be users who expect file deletion... Read more

    Affected Products : whatsapp
    • EPSS Score: %0.02
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2015-2947

    KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic.... Read more

    Affected Products : kancolleviewer
    • EPSS Score: %0.52
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2015-2927

    node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption).... Read more

    Affected Products : debian_linux node.js uro_node
    • EPSS Score: %1.29
    • Published: Sep. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-15278

    Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. The vulnerability exists due to insufficient filtration of data (in /sources/folders.queries.php). An attacker could execute arbitrary HTML and script code in a browser in the context ... Read more

    Affected Products : teampass
    • EPSS Score: %0.29
    • Published: Oct. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-15295

    Xpress Server in SAP POS does not require authentication for read/write/delete file access. This is SAP Security Note 2520064.... Read more

    Affected Products : point_of_sale_xpress_server
    • EPSS Score: %0.52
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-15273

    Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before 16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting a potential dangerous payload, e.g., XSS code, to be saved as titles in internal artefacts.... Read more

    Affected Products : mahara
    • EPSS Score: %0.33
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15251

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to "Data from Faulting Address controls Code Flow starting at PDF!xmlParserInputRead+0x000... Read more

    Affected Products : irfanview pdf
    • EPSS Score: %0.19
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-15284

    Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the cont... Read more

    Affected Products : october
    • EPSS Score: %1.73
    • Published: Oct. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-2690

    Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2)... Read more

    Affected Products : addons_module
    • EPSS Score: %0.17
    • Published: Aug. 02, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2015-2687

    OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.... Read more

    Affected Products : nova compute
    • EPSS Score: %0.05
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-2387

    The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : apple_music
    • EPSS Score: %0.17
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15044

    The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. A... Read more

    Affected Products : fulltext_server
    • EPSS Score: %0.38
    • Published: Nov. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-16951

    Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.... Read more

    Affected Products : winamp_pro
    • EPSS Score: %1.51
    • Published: Nov. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-16933

    etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.... Read more

    Affected Products : icinga
    • EPSS Score: %0.03
    • Published: Nov. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-14822

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic... Read more

    Affected Products : foxit_reader pdf_reader
    • EPSS Score: %0.10
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291520 Results