Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-7256

    XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack.... Read more

    Affected Products : cms_made_simple
    • EPSS Score: %0.21
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7249

    Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (action, userid) passed to the 'Gazelle-master/sections/tools/data/ocelot_info.php' URL. An at... Read more

    Affected Products : gazelle
    • EPSS Score: %0.32
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7192

    WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).... Read more

    Affected Products : starscream
    • EPSS Score: %0.22
    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6958

    An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter.... Read more

    Affected Products : source_integration
    • EPSS Score: %0.24
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-3742

    In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable l... Read more

    Affected Products : android windows connect2
    • EPSS Score: %0.09
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-6968

    GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03.... Read more

    Affected Products : checker_atm_security
    • EPSS Score: %0.71
    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-6864

    The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks.... Read more

    Affected Products : ruggedcom_rox_i
    • EPSS Score: %0.30
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17430

    Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows remote attackers to execute arbitrary commands via the web interface.... Read more

    • EPSS Score: %0.89
    • Published: Dec. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-6785

    A vulnerability in configuration modification permissions validation for Cisco Unified Communications Manager could allow an authenticated, remote attacker to perform a horizontal privilege escalation where one user can modify another user's configuration... Read more

    Affected Products : unified_communications_manager
    • EPSS Score: %0.17
    • Published: Aug. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-6780

    A vulnerability in the TCP throttling process for Cisco IoT Field Network Director (IoT-FND) could allow an unauthenticated, remote attacker to cause the system to consume additional memory, eventually forcing the device to restart, aka Memory Exhaustion.... Read more

    • EPSS Score: %0.48
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-6735

    A vulnerability in the backup and restore functionality of Cisco FireSIGHT System Software could allow an authenticated, local attacker to execute arbitrary code on a targeted system. More Information: CSCvc91092. Known Affected Releases: 6.2.0 6.2.1.... Read more

    Affected Products : firesight_system_software
    • EPSS Score: %0.08
    • Published: Jul. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-6730

    A vulnerability in the web-based GUI of Cisco Wide Area Application Services (WAAS) Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system, aka Information Disclosure. This vulnerability affec... Read more

    Affected Products : wide_area_application_services
    • EPSS Score: %0.36
    • Published: Jul. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6725

    A vulnerability in the web framework code of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCuw65833 ... Read more

    Affected Products : prime_infrastructure
    • EPSS Score: %0.35
    • Published: Jul. 04, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6702

    A vulnerability in the web framework of Cisco SocialMiner could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCve15285. Known Affecte... Read more

    Affected Products : socialminer
    • EPSS Score: %0.35
    • Published: Jul. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-6692

    A vulnerability in Cisco Ultra Services Framework Element Manager could allow an authenticated, remote attacker to log in to the device with the privileges of the root user, aka an Insecure Default Account Information Vulnerability. More Information: CSCv... Read more

    • EPSS Score: %0.99
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-6691

    A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive information on an affected system. More Information: CSCvd29403. Known Affected Releases: 2.3(2).... Read more

    • EPSS Score: %0.21
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-6684

    A vulnerability in Cisco Elastic Services Controllers could allow an authenticated, remote attacker to log in to an affected system as the Linux admin user, aka an Insecure Default Credentials Vulnerability. More Information: CSCvc76651. Known Affected Re... Read more

    • EPSS Score: %0.99
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-6681

    A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to execute a relative path traversal attack, enabling an attacker to read sensitive files on the system. More Information... Read more

    • EPSS Score: %3.08
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.9

    MEDIUM
    CVE-2017-6606

    A vulnerability in a startup script of Cisco IOS XE Software could allow an unauthenticated attacker with physical access to the targeted system to execute arbitrary commands on the underlying operating system with the privileges of the root user. More In... Read more

    Affected Products : ios_xe
    • EPSS Score: %0.16
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-6577

    A SQL injection issue is exploitable, with WordPress admin access, in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects ./inc/subscriber_list.php with the POST Parameter: list_id.... Read more

    Affected Products : mail-masta
    • EPSS Score: %0.73
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291625 Results