Latest CVE Feed

The following is the list of the most recently published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (that is, listed in the CISA Known Exploited Vulnerabilities (KEV) catalog), or by whether it is remotely exploitable. You can also sort the list by published date, last-updated date, or CVSS score.
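The filter and sort controls described above are easy to reproduce against a local copy of the feed, which is what most teams end up doing when they triage it in bulk. The following is an added example, not the feed site's own code. FEED is constructed from entries visible on this page (ID, score, severity label, dates); the remote flag is read off each description's own wording ("remote attackers" versus "local users"), and in_kev is an assumption set to False for every entry because the page does not show KEV membership for any of them.

```python
"""Filtering and sorting CVE feed entries the way the feed's controls describe.

Added example, not code from the feed's own site. FEED is constructed from
entries visible on the page; 'remote' follows each description's wording and
'in_kev' is an assumption (False: the page shows no KEV membership).
"""
from dataclasses import dataclass
from datetime import date
from typing import Callable, Dict, List, Optional, Tuple

# Qualitative labels as the feed prints them, ordered so "at least HIGH" filters work.
SEVERITY_RANK: Dict[str, int] = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


@dataclass(frozen=True)
class CveEntry:
    cve_id: str
    cvss: float
    severity: str
    published: date
    modified: date
    remote: bool   # description names "remote attackers" / "remote authenticated users"
    in_kev: bool   # in CISA's Known Exploited Vulnerabilities catalog (assumed False here)


_MOD = date(2025, 4, 20)  # every entry on the page shows this same last-modified date

FEED: List[CveEntry] = [
    CveEntry("CVE-2015-7891", 7.0, "HIGH", date(2017, 8, 2), _MOD, remote=False, in_kev=False),
    CveEntry("CVE-2015-7880", 4.3, "MEDIUM", date(2017, 9, 13), _MOD, remote=True, in_kev=False),
    CveEntry("CVE-2017-11760", 8.8, "HIGH", date(2017, 7, 31), _MOD, remote=True, in_kev=False),
    CveEntry("CVE-2015-7806", 9.8, "CRITICAL", date(2017, 10, 17), _MOD, remote=True, in_kev=False),
    CveEntry("CVE-2015-7358", 7.8, "HIGH", date(2017, 10, 3), _MOD, remote=False, in_kev=False),
    CveEntry("CVE-2017-15887", 9.8, "CRITICAL", date(2017, 11, 7), _MOD, remote=True, in_kev=False),
    CveEntry("CVE-2015-7265", 7.5, "HIGH", date(2017, 4, 10), _MOD, remote=True, in_kev=False),
]


def filter_entries(entries, min_severity: Optional[str] = None,
                   kev_only: bool = False, remote_only: bool = False) -> List[CveEntry]:
    """Apply the feed's three filters; the filters combine with AND."""
    if min_severity is not None and min_severity not in SEVERITY_RANK:
        raise ValueError(f"unknown severity label: {min_severity!r}")
    floor = SEVERITY_RANK[min_severity] if min_severity else 0
    kept = []
    for e in entries:
        if SEVERITY_RANK.get(e.severity, 0) < floor:
            continue
        if kev_only and not e.in_kev:
            continue
        if remote_only and not e.remote:
            continue
        kept.append(e)
    return kept


# Each sort key carries a tie-breaker, since many entries share a date or a score.
_SORT_KEYS: Dict[str, Callable[[CveEntry], Tuple]] = {
    "published": lambda e: (e.published, e.cvss),
    "modified": lambda e: (e.modified, e.published),
    "cvss": lambda e: (e.cvss, e.published),
}


def sort_entries(entries, key: str = "published", descending: bool = True) -> List[CveEntry]:
    """Sort by published date, last-modified date or CVSS score (newest/highest first by default)."""
    if key not in _SORT_KEYS:
        raise ValueError(f"unknown sort key: {key!r}")
    return sorted(entries, key=_SORT_KEYS[key], reverse=descending)


def triage_order(entries) -> List[CveEntry]:
    """Practitioner ordering: known-exploited first, then score, then recency.
    A 5.3 that is in KEV outranks a 9.8 that nobody is exploiting."""
    return sorted(entries, key=lambda e: (e.in_kev, e.cvss, e.published), reverse=True)


if __name__ == "__main__":
    for e in sort_entries(filter_entries(FEED, min_severity="HIGH", remote_only=True), "cvss"):
        print(f"{e.cvss:4.1f} {e.severity:8} {e.cve_id:15} published {e.published}")
```

The sort keys carry a secondary field deliberately: on this page every entry has the same modified date, so sorting by "modified" alone would leave the order to the input. The triage_order helper is the ordering most response teams actually want, with KEV membership ahead of the raw score.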
  • 5.3

    MEDIUM
    CVE-2017-6039

    A Use of Hard-Coded Password issue was discovered in Phoenix Broadband PowerAgent SC3 BMS, all versions prior to v6.87. Use of a hard-coded password may allow unauthorized access to the device.

    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025
  • 7.0

    HIGH
    CVE-2015-7891

    Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L (5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops.

    Affected Products : samsung_mobile
    • Published: Aug. 02, 2017
    • Modified: Apr. 20, 2025
  • 4.3

    MEDIUM
    CVE-2015-7880

    The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames.

    Affected Products : drupal
    • Published: Sep. 13, 2017
    • Modified: Apr. 20, 2025
  • 4.8

    MEDIUM
    CVE-2016-8751

    Apache Ranger before 0.6.3 is vulnerable to Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store arbitrary JavaScript code that is executed when normal users log in and access policies.

    Affected Products : ranger
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-10749

    XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV near NULL starting at wow64!Wow64NotifyDebugger+0x000000000000001d."

    Affected Products : xnview windows
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-9746

    IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-2222

    Cross-site scripting vulnerability in WP-Members prior to version 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

    Affected Products : wp-members
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-11760

    uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated users to execute arbitrary PHP code by uploading a .php file composed of concatenated image data and script data, as demonstrated by uploading as an image within the description text ar...

    Affected Products : projeqtor
    • Published: Jul. 31, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2015-7806

    Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecified vectors.

    Affected Products : form_manager
    • Published: Oct. 17, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-17753

    Multiple cross-site scripting (XSS) vulnerabilities in the esb-csv-import-export plugin through 1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) cie_type, (2) cie_import, (3) cie_update, or (4) cie_ignore paramet...

    Affected Products : csv-import-export
    • Published: Dec. 19, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-11749

    InternetSoft FTP Commander 8.02 and prior has an untrusted search path, allowing DLL hijacking via a Trojan horse dwmapi.dll file.

    Affected Products : ftp_commander
    • Published: Jul. 30, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-17993

    Biometric Shift Employee Management System has XSS via the amount parameter in an index.php?user=addition_deduction request.

    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-17874

    Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file upload via an "Add a new product" or "Add a product preview" action, which can make a .php file accessible under an uploads/ URI.

    Affected Products : marketplace_digital_products_php
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-15887

    An improper restriction of excessive authentication attempts vulnerability in /principals in Synology CardDAV Server before 6.0.7-0085 allows remote attackers to obtain user credentials via a brute-force attack.

    Affected Products : carddav_server
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2015-7358

    The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an ...

    Affected Products : windows ciphershed veracrypt truecrypt
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-17099

    There exists an unauthenticated SEH based Buffer Overflow vulnerability in the HTTP server of Flexense SyncBreeze Enterprise v10.1.16. When sending a GET request with an excessive length, it is possible for a malicious user to overwrite the SEH record and...

    Affected Products : syncbreeze
    • Published: Dec. 03, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2015-7265

    Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks.

    Affected Products : proxygen
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2015-7247

    D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensiti...

    Affected Products : dvg-n5402sp_firmware dvg-n5402sp
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2015-7225

    Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials ...

    Affected Products : devise-two-factor
    • Published: Sep. 06, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-17968

    A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response.

    Affected Products : nettransport_download_manager
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292801 Results
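The CVE-2015-7225 entry above describes a verifier that does not "burn" a successfully validated OTP, so a code that an attacker captured stays usable for as long as the verifier's time window accepts it. The following is an added example (my code, not Devise-two-factor's) that implements RFC 6238 TOTP and a verifier with a burn_used switch: with it off, the verifier reproduces the replay behaviour the entry describes; with it on, the verifier records the highest time step it has consumed and refuses that step and any earlier one, which is what section 5.2 of RFC 6238 requires. The secret is the RFC 6238 Appendix B test seed, and the timings in replay_demo are constructed for the scenario.

```python
import hashlib
import hmac
import struct
from typing import Optional, Tuple

# RFC 6238 Appendix B test seed for the SHA-1 variant (ASCII "12345678901234567890").
RFC_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the time step (T0 = 0, X = step)."""
    return hotp(secret, unix_time // step, digits)


class TotpVerifier:
    """Server-side verifier for one user.

    burn_used=False reproduces the CVE-2015-7225 behaviour: a code stays valid
    for the whole drift window even after it has been accepted once.
    burn_used=True records the highest time step consumed and rejects that step
    and any earlier one, as RFC 6238 section 5.2 requires.
    """

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6,
                 drift_steps: int = 1, burn_used: bool = True) -> None:
        self.secret = secret
        self.step = step
        self.digits = digits
        self.drift_steps = drift_steps            # accept +/- this many steps of clock skew
        self.burn_used = burn_used
        self.consumed_step: Optional[int] = None  # persist this per user in a real deployment

    def verify(self, code: str, unix_time: int) -> bool:
        current = unix_time // self.step
        for candidate in range(current - self.drift_steps, current + self.drift_steps + 1):
            if self.burn_used and self.consumed_step is not None and candidate <= self.consumed_step:
                continue  # this step (or an earlier one) was already used: a replay
            if hmac.compare_digest(hotp(self.secret, candidate, self.digits), code):
                if self.burn_used:
                    self.consumed_step = candidate
                return True
        return False


def replay_demo(burn_used: bool) -> Tuple[bool, bool, bool]:
    """Constructed scenario: the user logs in at t; an attacker who captured that code
    replays it 10 s later (same 30 s step); the user's next code arrives one step later.
    Returns (first_login_ok, replay_ok, next_code_ok)."""
    t = 1234567890  # also one of the RFC 6238 test times
    verifier = TotpVerifier(RFC_SECRET, burn_used=burn_used)
    code = totp(RFC_SECRET, t)
    first = verifier.verify(code, t)
    replayed = verifier.verify(code, t + 10)
    following = verifier.verify(totp(RFC_SECRET, t + 30), t + 30)
    return first, replayed, following


if __name__ == "__main__":
    print("without burning (vulnerable):", replay_demo(burn_used=False))  # (True, True, True)
    print("with burning (fixed):        ", replay_demo(burn_used=True))   # (True, False, True)
```

The burn is keyed on the time step, not on the code string: rejecting only the exact code already seen would still leave the other steps in the drift window open, and rejecting any step at or below the last consumed one also closes the gap where a code from the previous step is accepted after a newer one. The consumed_step value has to live in the user's record (the fixed library stores it alongside the secret), otherwise every application instance keeps its own notion of what was burned.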