Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2015-8977

    MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files.... Read more

    Affected Products : mybb merge_system
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-13171

    An elevation of privilege vulnerability in the MediaTek performance service. Product: Android. Versions: Android kernel. Android ID A-64316572. References: M-ALPS03479086.... Read more

    Affected Products : android
    • Published: Dec. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-13170

    An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. References: M-ALPS03359280.... Read more

    Affected Products : android
    • Published: Dec. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-13130

    mcmnm in BMC Patrol allows local users to gain privileges via a crafted libmcmclnx.so file in the current working directory, because it is setuid root and the RPATH variable begins with the .: substring.... Read more

    Affected Products : patrol
    • Published: Aug. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1305

    IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclos... Read more

    Affected Products : rational_doors_next_generation
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8377

    GeniXCMS 1.0.2 has SQL Injection in inc/lib/Control/Backend/menus.control.php via the menuid parameter.... Read more

    Affected Products : genixcms genixcms
    • Published: May. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.7

    HIGH
    CVE-2017-2829

    An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but ... Read more

    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-3401

    Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote authenticated users to affect integrity via unknown vectors, aka bug 99810.... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-2969

    IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that contain emails of people that should not be in these messages. IBM X-Force ID: 113850.... Read more

    Affected Products : sametime
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-2941

    IBM UrbanCode Deploy creates temporary files during step execution that could contain sensitive information including passwords that could be read by a local user.... Read more

    Affected Products : urbancode_deploy
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17955

    PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17906

    PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.... Read more

    Affected Products : car_rental_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17905

    PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.... Read more

    Affected Products : car_rental_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17872

    The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection via the id parameter in a view=category action.... Read more

    Affected Products : jextn_video_gallery
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-2555

    SQL injection vulnerability in include/lib/mysql_connect.inc.php in ATutor 2.2.1 allows remote attackers to execute arbitrary SQL commands via the searchFriends function to friends.inc.php.... Read more

    Affected Products : atutor
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-17799

    In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x82730068.... Read more

    Affected Products : vir.it_explorer
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17779

    Paid To Read Script 2.0.5 has SQL injection via the referrals.php id parameter.... Read more

    Affected Products : paid_to_read_script
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17698

    Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has reflected XSS in SearchResult.ec and BulkAccessControlView.ec.... Read more

    Affected Products : manageengine_password_manager_pro
    • Published: Dec. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9893

    XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000012548."... Read more

    Affected Products : xnview
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9716

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the qbt1000 driver implements an alternative channel for usermode applications to talk to QSEE applications.... Read more

    Affected Products : android
    • Published: Dec. 05, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293260 Results