Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-15788

    XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x0000000000002d83."... Read more

    Affected Products : xnview windows
    • EPSS Score: %0.36
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-15727

    In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %0.18
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-15639

    tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature.... Read more

    Affected Products : mura_cms
    • EPSS Score: %6.60
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10363

    Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. The errors resulting from these crafted ... Read more

    Affected Products : logstash
    • EPSS Score: %0.60
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-10377

    In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extract`, permitting remote bypass of the access control list ... Read more

    Affected Products : openvswitch
    • EPSS Score: %0.24
    • Published: May. 29, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2016-10295

    An information disclosure vulnerability in the Qualcomm LED driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Pro... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.18
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-10292

    A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a proximate attacker to cause a denial of service in the Wi-Fi subsystem. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Version... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.21
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2016-10291

    An elevation of privilege vulnerability in the Qualcomm Slimbus driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged p... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.19
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-15384

    rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action.... Read more

    Affected Products : rate_me
    • EPSS Score: %0.23
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-1527

    IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Fo... Read more

    Affected Products : business_process_manager
    • EPSS Score: %0.54
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-15213

    Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an authenticated user to inject JavaScript to gain administrator privileges, via the real_name or email_address field to themes/CleanFS/templates/common.editallusers.tpl.... Read more

    Affected Products : flyspray
    • EPSS Score: %0.29
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-3883

    Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a n... Read more

    Affected Products : qdpm
    • EPSS Score: %0.24
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-15084

    The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.... Read more

    Affected Products : metasploit
    • EPSS Score: %0.13
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-15035

    EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial of service (application crash).... Read more

    Affected Products : pyrobatchftp
    • EPSS Score: %23.00
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1502

    IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo... Read more

    Affected Products : content_navigator
    • EPSS Score: %0.23
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-14983

    Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php.... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %0.17
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14920

    Stored XSS vulnerability in eGroupware Community Edition before 16.1.20170922 allows an unauthenticated remote attacker to inject JavaScript via the User-Agent HTTP header, which is mishandled during rendering by the application administrator.... Read more

    Affected Products : egroupware
    • EPSS Score: %1.22
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14904

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request can cause an arbitrary unmap in MediaServer.... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14795

    The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a crafted BPG file, related to improper interaction wit... Read more

    Affected Products : libbpg
    • EPSS Score: %0.52
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14703

    SQL injection vulnerability in Cash Back Comparison Script 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to search/.... Read more

    Affected Products : cash_back_comparison
    • EPSS Score: %1.49
    • Published: Sep. 26, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292738 Results