Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-14846

    Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.... Read more

    Affected Products : hospital_management_system
    • EPSS Score: %0.75
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14843

    Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.... Read more

    Affected Products : school_management_system
    • EPSS Score: %0.75
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-14766

    The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number.... Read more

    Affected Products : simple_student_result
    • EPSS Score: %0.41
    • Published: Sep. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-14717

    In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.... Read more

    Affected Products : epesi
    • EPSS Score: %0.36
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14702

    ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary code, related to "com.branaghgroup.ecers.update.UpdateRequest" object deserialization.... Read more

    Affected Products : ers_data_system
    • EPSS Score: %12.37
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-14645

    A heap-based buffer over-read was discovered in AP4_BitStream::ReadBytes in Codecs/Ap4BitStream.cpp in Bento4 version 1.5.0-617. The vulnerability causes an application crash, which leads to remote denial of service.... Read more

    Affected Products : bento4
    • EPSS Score: %0.33
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14571

    STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c called from STDUXPSFile!DllUnregisterServer+0... Read more

    Affected Products : stdu_viewer
    • EPSS Score: %0.06
    • Published: Sep. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-3342

    Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows unauth... Read more

    Affected Products : marketing
    • EPSS Score: %0.95
    • Published: Apr. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-14423

    htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) devices does not prevent unauthenticated nonce-guessing attacks, which makes it easier for remote attackers to change the DNS configuration via a seri... Read more

    Affected Products : dir-850l_firmware dir-850l
    • EPSS Score: %0.23
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14412

    An invalid memory write was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes a denial of service (segmentation fault and application crash) or possibly unspecified other impact.... Read more

    Affected Products : mp3gain
    • EPSS Score: %0.19
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-14360

    A potential security vulnerability has been identified in HPE Content Manager Workgroup Service v9.00. The vulnerability could be remotely exploited to allow Denial of Service (DoS).... Read more

    Affected Products : content_manager
    • EPSS Score: %0.50
    • Published: Nov. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14345

    SQL Injection exists in tianchoy/blog through 2017-09-12 via the id parameter to view.php.... Read more

    Affected Products : blog blog
    • EPSS Score: %0.25
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-14330

    Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a root shell via vectors involving a privileged process.... Read more

    Affected Products : extremexos
    • EPSS Score: %0.04
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14310

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000001869."... Read more

    Affected Products : stdu_viewer
    • EPSS Score: %0.05
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14282

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005862."... Read more

    Affected Products : xnview windows
    • EPSS Score: %0.05
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1421

    IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.... Read more

    Affected Products : inotes
    • EPSS Score: %0.29
    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14219

    XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack ... Read more

    Affected Products : wrn_240_firmware wrn_240
    • EPSS Score: %0.30
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14194

    The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.... Read more

    Affected Products : finecms
    • EPSS Score: %0.24
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2016-10509

    SQL injection vulnerability in the updateAmazonOrderTracking function in upload/admin/model/openbay/amazon.php in OpenCart before version 2.3.0.0 allows remote authenticated administrators to execute arbitrary SQL commands via a carrier (aka courier_id) p... Read more

    Affected Products : opencart
    • EPSS Score: %0.51
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-16765

    XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi.... Read more

    Affected Products : dwr-933_firmware dwr-933
    • EPSS Score: %0.36
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291722 Results