Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-12731

    A SQL Injection issue was discovered in OPW Fuel Management Systems SiteSentinel Integra 100, SiteSentinel Integra 500, and SiteSentinel iSite ATG consoles with the following software versions: older than V175, V175-V189, V191-V195, and V16Q3.1. The appli... Read more

    • EPSS Score: %0.28
    • Published: Sep. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-1269

    IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-force ID: 124744... Read more

    Affected Products : security_guardium
    • EPSS Score: %0.68
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12582

    Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P devices with firmware 4.2.1 build 20160601. Unprivileged user cannot login at front end but with that unprivileged user SID, all function can access at Surveil... Read more

    Affected Products : ts-212p_firmware ts-212p
    • EPSS Score: %0.34
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12650

    SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress via the X-Forwarded-For HTTP header.... Read more

    Affected Products : loginizer
    • EPSS Score: %0.60
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-1264

    IBM Security Guardium 10.0 does not prove or insufficiently proves that the actors identity is correct which can lead to exposure of resources or functionality to unintended actors. IBM X-Force ID: 124739.... Read more

    Affected Products : security_guardium
    • EPSS Score: %0.25
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-12591

    ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter.... Read more

    Affected Products : dsl-n10s_firmware dsl-n10s
    • EPSS Score: %0.21
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.4

    MEDIUM
    CVE-2017-12285

    A vulnerability in the web interface of Cisco Network Analysis Module Software could allow an unauthenticated, remote attacker to delete arbitrary files from an affected system, aka Directory Traversal. The vulnerability exists because the affected softwa... Read more

    Affected Products : prime_network_analysis_module
    • EPSS Score: %77.45
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12268

    A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker to enable multiple network adapters, aka a Dual-Homed Interface vulnerability. The vulnerability is due to insuffic... Read more

    Affected Products : anyconnect_secure_mobility_client
    • EPSS Score: %0.07
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12224

    A vulnerability in the ability for guest users to join meetings via a hyperlink with Cisco Meeting Server could allow an authenticated, remote attacker to enter a meeting with a hyperlink URL, even though access should be denied. The vulnerability is due ... Read more

    Affected Products : meeting_server
    • EPSS Score: %0.44
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1195

    IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnera... Read more

    Affected Products : curam_social_program_management
    • EPSS Score: %0.15
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-11801

    ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2... Read more

    Affected Products : chakracore
    • EPSS Score: %26.10
    • Published: Oct. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11757

    Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 allows remote attackers to execute arbitrary code via crafted traffic to TCP port 1583. The overflow occurs after Server-Client encryption-key exchange. The issue results from an integ... Read more

    Affected Products : zen pervasive_psql
    • EPSS Score: %3.54
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11669

    An out-of-bounds read flaw related to the assess_packet function in eapmd5pass.c:211 was found in the way eapmd5pass 1.4 handled processing of network packets. A remote attacker could potentially use this flaw to crash the eapmd5pass process under certain... Read more

    Affected Products : eapmd5pass
    • EPSS Score: %0.65
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-11647

    NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to stored cross-site scripting attacks. Creating an SSID with an XSS payload results in successful exploitation.... Read more

    Affected Products : 4gt101w_software 4gt101w_bootloader
    • EPSS Score: %0.21
    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11646

    NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: V1.1.8.8 / Bootloader: 1.1.3 are vulnerable to CSRF attacks, as demonstrated by using administration.html to disable the firewall. They does not contain any token that can mitigate CSRF vuln... Read more

    Affected Products : 4gt101w_software 4gt101w_bootloader
    • EPSS Score: %0.13
    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11593

    Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus extension before 0.5.7 for Chrome allows remote attackers to inject arbitrary web script or HTML into some web applications via the upload and display of crafted text, markdown, or rst ... Read more

    Affected Products : markdown_preview_plus
    • EPSS Score: %0.24
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11587

    On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversal in the filename parameter to the /download.conf URI.... Read more

    • EPSS Score: %0.72
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11584

    dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an action=module, action=member, action=form, or action=related request to libraries/Template.php.... Read more

    Affected Products : finecms
    • EPSS Score: %0.52
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-11522

    The WriteOnePNGImage function in coders/png.c in ImageMagick through 6.9.9-0 and 7.x through 7.0.6-1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.... Read more

    Affected Products : imagemagick
    • EPSS Score: %0.36
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11469

    get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the file_name parameter.... Read more

    Affected Products : uptime_infrastructure_monitor
    • EPSS Score: %7.21
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292516 Results