Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-12776

    SQL injection vulnerability in reports.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the delreport parameter.... Read more

    Affected Products : nexusphp
    • EPSS Score: %0.49
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2014-9937

    In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2014-9941

    In the Embedded File System in all Android releases from CAF using the Linux kernel, a Time-of-Check Time-of-Use Race Condition vulnerability could potentially exist.... Read more

    Affected Products : android
    • EPSS Score: %0.03
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12623

    An authorized user could upload a template which contained malicious code and accessed sensitive files via an XML External Entity (XXE) attack. The fix to properly handle XML External Entities was applied on the Apache NiFi 1.4.0 release. Users running a ... Read more

    Affected Products : nifi
    • EPSS Score: %0.51
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-1261

    IBM Security Guardium 10.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 124736.... Read more

    Affected Products : security_guardium
    • EPSS Score: %0.05
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-9696

    The Hyper Module Management (HMM) software of Huawei Tecal E9000 Chassis V100R001C00SPC160 and earlier versions allows the operator to modify the user configuration of iMana through privilege escalation.... Read more

    • EPSS Score: %0.22
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2014-9686

    The Googlemaps plugin 3.2 and earlier for Joomla! allows remote attackers with control of a sub-domain belonging to a victim domain to cause a denial of service via the 'url' parameter to plugin_googlemap3_kmlprxy.php. NOTE: this vulnerability exists bec... Read more

    Affected Products : googlemaps
    • EPSS Score: %0.86
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12413

    AXIS 2100 devices 2.43 have XSS via the URI, possibly related to admin/admin.shtml.... Read more

    • EPSS Score: %0.21
    • Published: Aug. 04, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-8621

    SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php.... Read more

    Affected Products : store_locator
    • EPSS Score: %2.55
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-10838

    Cross-site scripting vulnerability in SEO Panel prior to version 3.11.0 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : seo_panel
    • EPSS Score: %0.21
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12271

    A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow an unauthenticated, remote attacker to execute unwanted actions on an affected device. The vulnerability is due to a lack of cross-site request forgery (CSRF) protection. An attacker ... Read more

    • EPSS Score: %0.28
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2014-9310

    Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress.... Read more

    Affected Products : wordpress_backup_to_dropbox
    • EPSS Score: %0.40
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-6783

    An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. ... Read more

    Affected Products : android
    • EPSS Score: %0.05
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-8903

    IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors.... Read more

    Affected Products : curam_social_program_management
    • EPSS Score: %0.85
    • Published: Aug. 02, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-8731

    PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via vectors related "serialized data and the last part of the concatenated filename," which creates a file in webroot.... Read more

    Affected Products : phpmemcachedadmin
    • EPSS Score: %47.14
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-16796

    In SWFTools 0.9.2, the png_load function in lib/png.c does not check the return value of a realloc call, which allows remote attackers to cause a denial of service (invalid write and application crash) or possibly have unspecified other impact via vectors... Read more

    Affected Products : swftools
    • EPSS Score: %0.23
    • Published: Nov. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-16781

    The installer in MyBB before 1.8.13 has XSS.... Read more

    Affected Products : mybb
    • EPSS Score: %0.27
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-0276

    Cross-site request forgery (CSRF) vulnerability in Kallithea before 0.2.... Read more

    Affected Products : kallithea
    • EPSS Score: %0.26
    • Published: Sep. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-0107

    IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, ... Read more

    • EPSS Score: %7.17
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2014-8492

    Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) site_name, (2) message, or (3) site_url... Read more

    Affected Products : profile_builder
    • EPSS Score: %0.15
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291712 Results