Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-15732

    In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/news.php.... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %0.13
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15730

    In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.... Read more

    Affected Products : phpmyfaq
    • EPSS Score: %0.38
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-1569

    IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified vulnerability in Marketing ESpot's that could cause a denial of service. IBM X-Force ID: 131779.... Read more

    Affected Products : websphere_commerce
    • EPSS Score: %0.51
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.7

    MEDIUM
    CVE-2017-15651

    PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of the error message.... Read more

    Affected Products : prtg_network_monitor
    • EPSS Score: %0.58
    • Published: Oct. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-9148

    Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter.... Read more

    Affected Products : service_desk_manager
    • EPSS Score: %0.63
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-15297

    SAP Hostcontrol does not require authentication for the SOAP SAPControl endpoint. This is SAP Security Note 2442993.... Read more

    Affected Products : host_agent
    • EPSS Score: %2.63
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-15309

    Huawei iReader app before 8.0.2.301 has a path traversal vulnerability due to insufficient validation on file storage paths. An attacker can exploit this vulnerability to store downloaded malicious files in an arbitrary directory.... Read more

    Affected Products : ireader
    • EPSS Score: %0.15
    • Published: Dec. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-15294

    The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964.... Read more

    Affected Products : customer_relationship_management
    • EPSS Score: %0.33
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15246

    IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .pdf file, related to a "Read Access Violation on Block Data Move starting at PDF!xmlListWalk+0x0000000000015... Read more

    Affected Products : irfanview pdf
    • EPSS Score: %0.19
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15239

    IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address may be used as a return value starting at PDF!xmlPa... Read more

    Affected Products : irfanview pdf
    • EPSS Score: %0.10
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-15236

    Tiandy IP cameras 5.56.17.120 do not properly restrict a certain proprietary protocol, which allows remote attackers to read settings via a crafted request to TCP port 3001, as demonstrated by config* files and extendword.txt.... Read more

    • EPSS Score: %4.44
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-15188

    A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php.... Read more

    Affected Products : eyesofnetwork
    • EPSS Score: %0.17
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-15223

    Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite loop.... Read more

    Affected Products : mini_mail_server
    • EPSS Score: %17.18
    • Published: Oct. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-15207

    In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a private project of another user.... Read more

    Affected Products : kanboard
    • EPSS Score: %0.49
    • Published: Oct. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-3894

    A stored cross site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by... Read more

    • EPSS Score: %0.36
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15081

    In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.... Read more

    Affected Products : php_melody
    • EPSS Score: %7.33
    • Published: Oct. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-3870

    A vulnerability in the URL filtering feature of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass a configured URL filter rule. Affected Products: This vulnerability affects all release... Read more

    Affected Products : web_security_appliance
    • EPSS Score: %0.25
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-15037

    In FreeBSD through 11.1, the smb_strdupin function in sys/netsmb/smb_subr.c has a race condition with a resultant out-of-bounds read, because it can cause t2p->t_name strings to lack a final '\0' character.... Read more

    Affected Products : freebsd
    • EPSS Score: %0.36
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-15009

    PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected Cross-Site Scripting on error.htm (the error page), via the errormsg parameter.... Read more

    Affected Products : prtg_network_monitor
    • EPSS Score: %0.30
    • Published: Oct. 04, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-3818

    A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malforme... Read more

    Affected Products : email_security_appliance_firmware
    • EPSS Score: %0.21
    • Published: Feb. 03, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291638 Results