Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-8180

    The camera driver of MTK platform in Huawei smart phones with software of versions earlier than Nice-AL00C00B155 has a buffer overflow vulnerability.Due to the insufficient input verification, an attacker tricks a user into installing a malicious applicat... Read more

    • EPSS Score: %0.13
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8167

    Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A remote attacker who controls the peer device could exploit the vulnerability by sending malformed IKE packets to the target device. Successful exploit of the vulnerability could cause ... Read more

    Affected Products : usg9500_firmware usg9500
    • EPSS Score: %0.28
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8138

    HedEx Earlier than V200R006C00 versions has a cross-site request forgery (CSRF) vulnerability. An attacker could trick a user into accessing a website containing malicious scripts which may tamper with configurations and interrupt normal services.... Read more

    Affected Products : hedex_lite
    • EPSS Score: %0.06
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8130

    The UMA product with software V200R001 and V300R001 has an information leak vulnerability. An attacker could exploit them to obtain some sensitive information, causing information leak.... Read more

    Affected Products : uma
    • EPSS Score: %0.17
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8120

    The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated pri... Read more

    Affected Products : uma
    • EPSS Score: %0.22
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8103

    In MyBB before 1.8.11, the Email MyCode component allows XSS, as demonstrated by an onmouseover event.... Read more

    Affected Products : mybb
    • EPSS Score: %0.26
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-8099

    There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing attackers to delete any WordPress users and change the plugin's status via a GET request.... Read more

    Affected Products : whizz whizz
    • EPSS Score: %0.18
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8098

    e107 2.1.4 is vulnerable to cross-site request forgery in plugin-installing, meta-changing, and settings-changing. A malicious web page can use forged requests to make e107 download and install a plug-in provided by the attacker.... Read more

    Affected Products : e107
    • EPSS Score: %0.17
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8052

    Craft CMS before 2.6.2974 allows XSS attacks.... Read more

    Affected Products : craft_cms
    • EPSS Score: %0.35
    • Published: Apr. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8007

    In EMC ViPR SRM, Storage M&R, VNX M&R, and M&R (Watch4Net) for SAS Solution Packs, the Webservice Gateway is affected by a directory traversal vulnerability. Attackers with knowledge of Webservice Gateway credentials could potentially exploit this vulnera... Read more

    • EPSS Score: %1.64
    • Published: Sep. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7910

    A Stack-Based Buffer Overflow issue was discovered in Digital Canal Structural Wind Analysis versions 9.1 and prior. An attacker may be able to run arbitrary code by remotely exploiting an executable to perform a denial-of-service attack.... Read more

    Affected Products : wind_analysis
    • EPSS Score: %0.66
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7905

    A Weak Cryptography for Passwords issue was discovered in General Electric (GE) Multilin SR 750 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 760 Feeder Protection Relay, firmware versions prior to Version 7.47; SR 469 Motor Protect... Read more

    • EPSS Score: %0.20
    • Published: Jun. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7888

    Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which makes brute-force attacks easier.... Read more

    Affected Products : dolibarr_erp\/crm
    • EPSS Score: %0.16
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7877

    CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to modify CMS configurations.... Read more

    Affected Products : flatcore-cms
    • EPSS Score: %0.25
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7871

    trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in tdm-master/webhook.php (challenge parameter).... Read more

    Affected Products : tdm
    • EPSS Score: %0.24
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7720

    Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to cause a denial of service (SEH overwrite) or possibly have unspecified other impact via a long password.... Read more

    Affected Products : privatetunnel
    • EPSS Score: %0.05
    • Published: Apr. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7690

    Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.... Read more

    Affected Products : proxifier
    • EPSS Score: %0.16
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7695

    Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an attacker uploads an 'xxx.php[space]' file, they could bypass a safety check and execute any code.... Read more

    Affected Products : bigtree_cms
    • EPSS Score: %0.39
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1751

    IBM Robotic Process Automation with Automation Anywhere 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credenti... Read more

    • EPSS Score: %0.25
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7623

    The iwmiffr_convert_row32 function in imagew-miff.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.... Read more

    Affected Products : imageworsener imageworsener
    • EPSS Score: %0.24
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291618 Results