Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-9336

    The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post.... Read more

    Affected Products : wp_editor.md
    • Published: Jun. 01, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-2738

    VCM5010 with software versions earlier before V100R002C50SPC100 has an authentication bypass vulnerability. This is due to improper implementation of authentication for accessing web pages. An unauthenticated attacker could bypass the authentication by se... Read more

    Affected Products : vcm5010_firmware vcm5010
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2017-2714

    The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service (DoS) condition in... Read more

    Affected Products : fusionsphere_openstack
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9136

    An issue was discovered on Mimosa Client Radios before 2.2.3. In the device's web interface, there is a page that allows an attacker to use an unsanitized GET parameter to download files from the device as the root user. The attacker can download any file... Read more

    Affected Products : backhaul_radios client_radios
    • Published: May. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-9133

    An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa Backhaul Radios before 2.2.3. In the device's web interface, after logging in, there is a page that allows you to ping other hosts from the device and view the results. The user is al... Read more

    Affected Products : backhaul_radios client_radios
    • Published: May. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    CRITICAL
    CVE-2017-2684

    Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an attacker with knowledge of a valid user name, and physical or network access to the affected system, to bypass the application-level authentication.... Read more

    Affected Products : simatic_logon
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8926

    Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.... Read more

    Affected Products : logview_pro
    • Published: May. 15, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8836

    CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute c... Read more

    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8024

    EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, versions prior to 8.0.0.6, version 7.2.1.x) is impacted by a reflected cross-site scripting vulnerability that may potentially be exploited by malicious users to compromise the affect... Read more

    Affected Products : isilon_onefs isilon_onefs
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8775

    Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.... Read more

    • Published: May. 04, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2017-2283

    WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.... Read more

    Affected Products : wn-g300r3_firmware wn-g300r3
    • Published: Aug. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2272

    Untrusted search path vulnerability in Self-extracting encrypted files created by AttacheCase ver.3.2.2.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : attachecase
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2267

    Untrusted search path vulnerability in FileCapsule Deluxe Portable Ver.1.0.5.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : filecapsule_deluxe_portable
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-2097

    Cross-site request forgery (CSRF) vulnerability in Knowledge versions prior to v1.7.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : knowledge
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2092

    Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-2110

    The Access CX App for Android prior to 2.0.0.1 and for iOS prior to 2.0.2 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : access_cx
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-2130

    Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : phishwall_client
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-2153

    SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UDP packets.... Read more

    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1104

    IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure with... Read more

    Affected Products : rational_quality_manager
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11054

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing a specially crafted cfg80211 vendor command, a buffer over-read can occur.... Read more

    Affected Products : android
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292871 Results