Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-7807

    I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors.... Read more

    Affected Products : wfs-sr01_firmware wfs-sr01
    • EPSS Score: %0.75
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12774

    finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database... Read more

    Affected Products : finecms
    • EPSS Score: %0.90
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-16856

    The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) vulnerabilities in various rss properties which were used as links without restriction on their s... Read more

    Affected Products : confluence
    • EPSS Score: %0.20
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025

  • 4.6

    MEDIUM
    CVE-2017-12266

    A vulnerability in the routine that loads DLL files in Cisco Meeting App for Windows could allow an authenticated, local attacker to run an executable file with privileges equivalent to those of Cisco Meeting App. The vulnerability is due to incomplete in... Read more

    Affected Products : meeting_app
    • EPSS Score: %0.03
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-9148

    Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.... Read more

    Affected Products : fiyo_cms
    • EPSS Score: %24.23
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2017-1150

    IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 could allow an authenticated attacker with specialized access to tables that they should not be permitted to view. IBM Reference #: 1999515.... Read more

    Affected Products : db2
    • EPSS Score: %0.16
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2015-0269

    Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x before 3.4.4 allows remote authenticated "back end" users to view files outside their file mounts or the document root via unspecified vectors.... Read more

    Affected Products : contao contao_cms
    • EPSS Score: %0.46
    • Published: May. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16843

    Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the NewKeyword or NewDomain field to /goform/RgParentalBasic.... Read more

    Affected Products : vdv-23_firmware vdv-23
    • EPSS Score: %0.11
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15991

    Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL Injection in searchCommercial.php via the property_type, city, or posted_by parameter, or searchResidential.php via the property_type, city, or bedroom parameter, a different vulnerability t... Read more

    Affected Products : agent_zone
    • EPSS Score: %1.41
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-8676

    The get_vlc2 function in get_bits.h in Libav 11.9 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted mp3 file. NOTE: this issue exists due to an incomplete fix for CVE-2016-8675.... Read more

    Affected Products : libav
    • EPSS Score: %0.26
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15975

    Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the 'product_id' to add_to_cart.php, a different vulnerability than CVE-2008-4461.... Read more

    Affected Products : dating_zone
    • EPSS Score: %2.51
    • Published: Oct. 29, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-5748

    External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to disclose the content of local files to logged-in users.... Read more

    Affected Products : access_manager
    • EPSS Score: %0.05
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15976

    ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid parameter, a different vulnerability than CVE-2008-3604.... Read more

    Affected Products : zeebuddy
    • EPSS Score: %2.51
    • Published: Oct. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2014-8087

    Cross-site scripting (XSS) vulnerability in the post highlights plugin before 2.6.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the txt parameter in a headline action to ajax/ph_save.php.... Read more

    Affected Products : post_highlights
    • EPSS Score: %0.31
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 4.6

    MEDIUM
    CVE-2014-7954

    Directory traversal vulnerability in the doSendObjectInfo method in frameworks/av/media/mtp/MtpServer.cpp in Android 4.4.4 allows physically proximate attackers with a direct connection to the target Android device to upload files outside of the sdcard vi... Read more

    Affected Products : android
    • EPSS Score: %0.42
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9914

    XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .bie file, related to a "Read Access Violation on Block Data Move starting at Xjbig+0x000000000000121b."... Read more

    Affected Products : xnview
    • EPSS Score: %0.68
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9883

    IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at FPX+0x0000000000007216."... Read more

    Affected Products : irfanview fpx
    • EPSS Score: %0.21
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9873

    IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at FPX!GetPlugInInfo+0x0000000000012bf2."... Read more

    Affected Products : irfanview fpx
    • EPSS Score: %0.39
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9855

    An issue was discovered in SMA Solar Technology products. A secondary authentication system is available for Installers called the Grid Guard system. This system uses predictable codes, and a single Grid Guard code can be used on any SMA inverter. Any suc... Read more

    • EPSS Score: %0.44
    • Published: Aug. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9802

    The Javascript method Sling.evalString() in Apache Sling Servlets Post before 2.3.22 uses the javascript 'eval' function to parse input strings, which allows for XSS attacks by passing specially crafted input strings.... Read more

    • EPSS Score: %0.63
    • Published: Aug. 14, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292321 Results