Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-14282

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005862."... Read more

    Affected Products : xnview windows
    • EPSS Score: %0.05
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1421

    IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.... Read more

    Affected Products : inotes
    • EPSS Score: %0.29
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14219

    XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack ... Read more

    Affected Products : wrn_240_firmware wrn_240
    • EPSS Score: %0.30
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14194

    The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.... Read more

    Affected Products : finecms
    • EPSS Score: %0.24
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2016-10509

    SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) p... Read more

    Affected Products : opencart
    • EPSS Score: %0.51
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-16765

    XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.... Read more

    Affected Products : dwr-933_firmware dwr-933
    • EPSS Score: %0.36
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-16763

    An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "~/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python comman... Read more

    Affected Products : confire
    • EPSS Score: %1.92
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-5532

    Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php,... Read more

    Affected Products : paid_memberships_pro
    • EPSS Score: %1.29
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-16586

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.3.2.25013. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious fil... Read more

    Affected Products : foxit_reader pdf_reader
    • EPSS Score: %0.37
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-16565

    Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage (Grandstream) HT802 devices allows attackers to authenticate a user via the login screen using the default password of 123 and submit arbitrary requests.... Read more

    Affected Products : ht802_firmware ht802
    • EPSS Score: %0.14
    • Published: Nov. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-16520

    Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.... Read more

    Affected Products : buildmaster
    • EPSS Score: %0.22
    • Published: Nov. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2016-1161

    Cross-site request forgery (CSRF) vulnerability in ManageEngine Password Manager Pro before 8.5 (Build 8500).... Read more

    Affected Products : password_manager_pro
    • EPSS Score: %0.24
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2015-5152

    Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.... Read more

    Affected Products : foreman
    • EPSS Score: %0.24
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15978

    AROX School ERP PHP Script 1.0 allows SQL Injection via the office_admin/ id parameter.... Read more

    Affected Products : school_erp_php_script
    • EPSS Score: %1.41
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15974

    tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.... Read more

    Affected Products : tpanel
    • EPSS Score: %4.08
    • Published: Oct. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15918

    Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.... Read more

    Affected Products : sera
    • EPSS Score: %0.26
    • Published: Nov. 01, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-15891

    Improper access control vulnerability in SYNO.Cal.EventBase in Synology Calendar before 2.0.1-0242 allows remote authenticated users to modify calendar event via unspecified vectors.... Read more

    Affected Products : calendar
    • EPSS Score: %0.13
    • Published: Dec. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-15867

    Multiple cross-site scripting (XSS) vulnerabilities in the user-login-history plugin through 1.5.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) date_from, (2) date_to, (3) user_id, (4) username, (5) country_name,... Read more

    Affected Products : user-login-history
    • EPSS Score: %0.27
    • Published: Oct. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15752

    IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Imag... Read more

    Affected Products : irfanview babacad4image
    • EPSS Score: %0.19
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-4683

    Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters with HTTP GET requests.... Read more

    Affected Products : realpresence_resource_manager
    • EPSS Score: %34.31
    • Published: Sep. 19, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291638 Results