Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2017-11725

    The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button, leading to unintended redirections.... Read more

    Affected Products : secret_server
    • EPSS Score: %0.16
    • Published: Jul. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11675

    The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer.php in ZenCart 1.5.5e mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code by placing that code into an invalid array index of... Read more

    Affected Products : zen_cart
    • EPSS Score: %0.72
    • Published: Jul. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.3

    HIGH
    CVE-2017-11657

    Dashlane might allow local users to gain privileges by placing a Trojan horse WINHTTP.dll in the %APPDATA%\Dashlane directory.... Read more

    Affected Products : dashlane
    • EPSS Score: %0.12
    • Published: Aug. 04, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-1161

    IBM API Connect 5.0.6.0 could allow a remote attacker to execute arbitrary commands on the system, caused by improper validation of URLs for the Developer Portal. By crafting a malicious URL, an attacker could exploit this vulnerability to execute arbitra... Read more

    Affected Products : api_connect
    • EPSS Score: %0.38
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-0781

    Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecified vectors.... Read more

    Affected Products : zenworks_configuration_management
    • EPSS Score: %5.57
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11586

    dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.... Read more

    Affected Products : finecms
    • EPSS Score: %6.57
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11581

    dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character.... Read more

    Affected Products : finecms
    • EPSS Score: %0.24
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11567

    Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to ... Read more

    • EPSS Score: %0.36
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-11467

    OrientDB through 2.2.22 does not enforce privilege requirements during "where" or "fetchplan" or "order by" use, which allows remote attackers to execute arbitrary OS commands via a crafted request.... Read more

    Affected Products : orientdb
    • EPSS Score: %74.86
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-11441

    The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before 58.0.52, 60.x before 60.0.45, 62.x before 62.0.27, 64.x before 64.0.33, and 66.x before 66.0.2 has XSS via a locale filename, aka SEC-297.... Read more

    Affected Products : whm
    • EPSS Score: %0.29
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-1143

    IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive informat... Read more

    Affected Products : kenexa_lcms_premier
    • EPSS Score: %0.14
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11381

    A command injection vulnerability exists in Trend Micro Deep Discovery Director 1.1 that allows an attacker to restore accounts that can access the pre-configuration console.... Read more

    Affected Products : deep_discovery_director
    • EPSS Score: %18.47
    • Published: Aug. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11379

    Configuration and database backup archives are not signed or validated in Trend Micro Deep Discovery Director 1.1.... Read more

    Affected Products : deep_discovery_director
    • EPSS Score: %0.21
    • Published: Aug. 01, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11347

    Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a remote authenticated attacker to generate a PHP script with the content of a malicious image, related to admin/include/common.inc.php and admin/app/physical/physical.php.... Read more

    Affected Products : metinfo
    • EPSS Score: %1.49
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1128

    IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo... Read more

    • EPSS Score: %0.30
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11200

    SQL Injection exists in FineCMS through 2017-07-12 via the application/core/controller/excludes.php visitor_ip parameter.... Read more

    Affected Products : finecms
    • EPSS Score: %0.23
    • Published: Jul. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-11183

    front/backup.php in GLPI before 9.1.5 allows remote authenticated administrators to delete arbitrary files via a crafted file parameter.... Read more

    Affected Products : glpi
    • EPSS Score: %0.41
    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11198

    Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter.... Read more

    Affected Products : finecms
    • EPSS Score: %0.22
    • Published: Jul. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11153

    Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.... Read more

    Affected Products : photo_station
    • EPSS Score: %15.08
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-11128

    Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by the Title field of a New Entry.... Read more

    Affected Products : bolt bolt_cms
    • EPSS Score: %0.21
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291722 Results