Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-17526

    Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.... Read more

    Affected Products : giac
    • EPSS Score: %0.54
    • Published: Dec. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-11048

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a display driver function, a Use After Free condition can occur.... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-11045

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a camera driver function, a race condition exists which can lead to a Use After Free condition.... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8878

    ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 allow remote authenticated users to discover the Wi-Fi password via WPS_info.xml.... Read more

    Affected Products : rt-ac1750_firmware rt-ac1750
    • EPSS Score: %0.21
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-10925

    IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Funct... Read more

    Affected Products : irfanview fpx
    • EPSS Score: %0.12
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-10899

    SQL injection vulnerability in the A-Reserve and A-Reserve for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : a-reserve
    • EPSS Score: %0.22
    • Published: Dec. 01, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-10845

    Wi-Fi STATION L-02F Software version V10g and earlier allows remote attackers to access the device with administrative privileges and perform unintended operations through a backdoor account.... Read more

    • EPSS Score: %2.64
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-10836

    Untrusted search path vulnerability in Optimal Guard 1.1.21 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : optimal_guard
    • EPSS Score: %0.14
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-4699

    Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI.... Read more

    Affected Products : splash_portal
    • EPSS Score: %0.50
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-4650

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.... Read more

    Affected Products : clearpass_policy_manager
    • EPSS Score: %5.49
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17623

    Opensource Classified Ads Script 3.2 has SQL Injection via the advance_result.php keyword parameter.... Read more

    Affected Products : opensource_classified_ads_script
    • EPSS Score: %2.51
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2015-2692

    AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters.... Read more

    Affected Products : adblock
    • EPSS Score: %0.62
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-10747

    XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at xnview+0x000000000037a8aa."... Read more

    Affected Products : xnview windows
    • EPSS Score: %0.06
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-17988

    PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_add.php event_title parameter.... Read more

    Affected Products : muslim_matrimonial_script
    • EPSS Score: %0.22
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-13162

    An elevation of privilege vulnerability in the kernel binder. Product: Android. Versions: Android kernel. Android ID A-64216036.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Dec. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-7224

    puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.... Read more

    Affected Products : puppetlabs-mysql
    • EPSS Score: %0.73
    • Published: Dec. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15317

    AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 V200R006C10, V200R006C13, V200R007C00, V200R007C01, V200R007C02, V200R008C20, V200R008C30; AR1200-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR150 V200R006C10, V200R007C00, V200... Read more

    • EPSS Score: %0.15
    • Published: Dec. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15308

    Huawei iReader app before 8.0.2.301 has an input validation vulnerability due to insufficient validation on the URL used for loading network data. An attacker can control app access and load malicious websites created by the attacker, and the code in webp... Read more

    Affected Products : ireader
    • EPSS Score: %0.20
    • Published: Dec. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-4463

    The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL.... Read more

    Affected Products : efront
    • EPSS Score: %0.18
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2015-4422

    The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) via a crafted application.... Read more

    Affected Products : mate_7_firmware mate_7
    • EPSS Score: %0.07
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291384 Results