Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2015-7667

    Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the pa... Read more

    Affected Products : resads
    • EPSS Score: %0.42
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7666

    Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers... Read more

    Affected Products : payment_form_for_paypal_pro
    • EPSS Score: %0.59
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7324

    Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new com... Read more

    Affected Products : komento
    • EPSS Score: %0.32
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-6237

    The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP filter restrictions via crafted "privileged commands."... Read more

    Affected Products : ip360
    • EPSS Score: %0.77
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-16768

    Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.... Read more

    Affected Products : mailplus_server
    • EPSS Score: %0.18
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-13056

    The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.... Read more

    Affected Products : pdf-xchange_viewer
    • EPSS Score: %1.69
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-9944

    A vulnerability has been identified in Siemens 7KT PAC1200 data manager (7KT1260) in all versions < V2.03. The integrated web server (port 80/tcp) of the affected devices could allow an unauthenticated remote attacker to perform administrative operations ... Read more

    • EPSS Score: %2.60
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17930

    PHP Scripts Mall Professional Service Script has CSRF via admin/general_settingupd.php, as demonstrated by modifying a setting in the user panel.... Read more

    Affected Products : professional_service_script
    • EPSS Score: %0.13
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-17929

    PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.... Read more

    Affected Products : professional_service_script
    • EPSS Score: %0.24
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17928

    PHP Scripts Mall Professional Service Script has SQL injection via the admin/review.php id parameter.... Read more

    Affected Products : professional_service_script
    • EPSS Score: %0.25
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-17926

    PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.... Read more

    Affected Products : professional_service_script
    • EPSS Score: %0.24
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-1356

    IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID... Read more

    • EPSS Score: %0.57
    • Published: Dec. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-17925

    PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.... Read more

    Affected Products : professional_service_script
    • EPSS Score: %0.24
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17903

    FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by adding content to the user panel.... Read more

    Affected Products : lynda_clone
    • EPSS Score: %0.11
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17897

    SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM version 6.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.... Read more

    Affected Products : dolibarr_erp\/crm
    • EPSS Score: %0.41
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17896

    Readymade Job Site Script has XSS via the keyword parameter to the /job URI.... Read more

    Affected Products : basic_job_site_script
    • EPSS Score: %0.24
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17894

    Readymade Job Site Script has CSRF via the /job URI.... Read more

    Affected Products : basic_job_site_script
    • EPSS Score: %0.13
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17892

    Readymade Video Sharing Script has SQL Injection via the viewsubs.php chnlid parameter or the search_video.php search parameter.... Read more

    Affected Products : readymade_video_sharing_script
    • EPSS Score: %0.25
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17891

    Readymade Video Sharing Script has CSRF via user-profile-edit.php.... Read more

    Affected Products : readymade_video_sharing_script
    • EPSS Score: %0.13
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-17878

    An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" setting).... Read more

    Affected Products : steam_link_firmware steam_link
    • EPSS Score: %0.17
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292099 Results