Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-7590

    OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site scripting (XSS) attacks within the Admin UI, as demonstrated by a crafted Managed Object Name.... Read more

    Affected Products : openidm
    • EPSS Score: %0.27
    • Published: Apr. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-7563

    In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 Secure EL1, allowing attackers to bypass the MT_EXECUTE_NEVER protection mechanism. This issue occurs because of inconsistency in the number of execute-never bits (one bit versus two b... Read more

    • EPSS Score: %0.34
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.7

    HIGH
    CVE-2017-7566

    MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.... Read more

    Affected Products : mybb
    • EPSS Score: %0.56
    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-2893

    An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs t... Read more

    Affected Products : mongoose
    • EPSS Score: %5.26
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-6771

    A vulnerability in the AutoVNF automation tool of the Cisco Ultra Services Framework could allow an unauthenticated, remote attacker to acquire sensitive information. The vulnerability is due to insufficient protection of sensitive data. An attacker could... Read more

    Affected Products : ultra_services_framework
    • EPSS Score: %0.41
    • Published: Aug. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7390

    A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. The vulnerability exists due to insufficient filtration of user-supplied data (mail) passed to the 'SocialNetwork-andrea/app/template/pw_forgot.php' URL. An attacker could execute arbi... Read more

    Affected Products : socialnetwork
    • EPSS Score: %0.22
    • Published: Apr. 01, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7389

    Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass Release_3.5.4'. The vulnerabilities exist due to insufficient filtration of user-supplied data (meeting_id, user) passed to the 'openeclass-master/modules/tc/webconf/webconf.php' URL. An a... Read more

    Affected Products : openeclass
    • EPSS Score: %0.23
    • Published: Apr. 01, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7343

    An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below allows attacker to execute unauthorized code or commands via the url parameter.... Read more

    Affected Products : fortiportal
    • EPSS Score: %0.20
    • Published: May. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7360

    Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack.... Read more

    Affected Products : pixie pixie
    • EPSS Score: %0.23
    • Published: Mar. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7314

    An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.... Read more

    Affected Products : personify360_e-business
    • EPSS Score: %8.85
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7320

    setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier does not properly constrain the language parameter, which allows remote attackers to conduct Cookie-Bombing attacks and cause a denial of service (cookie quota exhaustion), or conduct ... Read more

    Affected Products : modx_revolution
    • EPSS Score: %0.31
    • Published: Mar. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-7295

    An issue was discovered in Contiki Operating System 3.0. A use-after-free vulnerability exists in httpd-simple.c in cc26xx-web-demo httpd, where upon a connection close event, the http_state structure was not deallocated properly, resulting in a NULL poin... Read more

    Affected Products : contiki contiki-os
    • EPSS Score: %0.35
    • Published: May. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-7282

    An issue was discovered in Unitrends Enterprise Backup before 9.1.1. The function downloadFile in api/includes/restore.php blindly accepts any filename passed to /api/restore/download as valid. This allows an authenticated attacker to read any file in the... Read more

    Affected Products : enterprise_backup
    • EPSS Score: %7.53
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-7256

    XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_summary parameter. Someone must login to conduct the attack.... Read more

    Affected Products : cms_made_simple
    • EPSS Score: %0.21
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7249

    Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. The vulnerabilities exist due to insufficient filtration of user-supplied data (action, userid) passed to the 'Gazelle-master/sections/tools/data/ocelot_info.php' URL. An at... Read more

    Affected Products : gazelle
    • EPSS Score: %0.32
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7192

    WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass because of incorrect management of the certValidated variable (it can be set to true but cannot be set to false).... Read more

    Affected Products : starscream
    • EPSS Score: %0.22
    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6958

    An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter.... Read more

    Affected Products : source_integration
    • EPSS Score: %0.24
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-3742

    In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a user-readable l... Read more

    Affected Products : android windows connect2
    • EPSS Score: %0.09
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-6968

    GMV Checker ATM Security prior to 5.0.18 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka PT-2017-03.... Read more

    Affected Products : checker_atm_security
    • EPSS Score: %0.71
    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-6864

    The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at port 10000/TCP could allow an authenticated user to perform stored Cross-Site Scripting attacks.... Read more

    Affected Products : ruggedcom_rox_i
    • EPSS Score: %0.30
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291638 Results