Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-6734

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, ... Read more

    Affected Products : identity_services_engine
    • EPSS Score: %0.24
    • Published: Jul. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-2241

    SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service".... Read more

    Affected Products : mac_os_x assetview
    • EPSS Score: %0.31
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-2921

    An exploitable memory corruption vulnerability exists in the Websocket protocol implementation of Cesanta Mongoose 6.8. A specially crafted websocket packet can cause an integer overflow, leading to a heap buffer overflow and resulting in denial of servic... Read more

    Affected Products : mongoose
    • EPSS Score: %2.15
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17870

    The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the appid parameter in an entriessearch action.... Read more

    Affected Products : jbuildozer
    • EPSS Score: %3.10
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2015-7570

    Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tes... Read more

    Affected Products : yeager_cms
    • EPSS Score: %6.16
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-7516

    ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Frame (0x8870).... Read more

    Affected Products : onos
    • EPSS Score: %1.34
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11706

    The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the application was changed to enable SSL logins, was "At th... Read more

    Affected Products : boozt
    • EPSS Score: %0.34
    • Published: Jul. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-10873

    OpenAM (Open Source Edition) allows an attacker to bypass authentication and access unauthorized contents via unspecified vectors. Note that this vulnerability affects OpenAM (Open Source Edition) implementations configured as SAML 2.0IdP, and switches au... Read more

    Affected Products : openam
    • EPSS Score: %0.97
    • Published: Nov. 02, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-7292

    Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv.... Read more

    Affected Products : fire_os
    • EPSS Score: %0.41
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-7764

    Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode.... Read more

    Affected Products : lemur
    • EPSS Score: %0.34
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-7241

    XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01.... Read more

    Affected Products : netweaver
    • EPSS Score: %27.38
    • Published: Sep. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11498

    Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML ... Read more

    Affected Products : sentinel_ldk_rte desigo_cc
    • EPSS Score: %2.92
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17895

    Readymade Job Site Script has SQL Injection via the location_name array parameter to the /job URI.... Read more

    Affected Products : basic_job_site_script
    • EPSS Score: %0.25
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11463

    In Ivanti Service Desk (formerly LANDESK Management Suite) versions between 2016.3 and 2017.3, an Unrestricted Direct Object Reference leads to referencing/updating objects belonging to other users. In other words, a normal user can send requests to a spe... Read more

    Affected Products : endpoint_manager
    • EPSS Score: %1.16
    • Published: Dec. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-13772

    Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers with hardware version 4 allow remote authenticated users to execute arbitrary code via the (1) ping_addr parameter to PingIframeRpm.htm or (2) dnsserver2 parameter to WanStaticIpV6CfgRpm... Read more

    Affected Products : wr940n_firmware wr940n
    • EPSS Score: %68.85
    • Published: Oct. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12781

    The EBML_BufferToID function in ebmlelement.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (Null pointer dereference and application crash) via a crafted mkv file.... Read more

    Affected Products : mkvalidator libebml2 mkclean
    • EPSS Score: %0.68
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-11018

    In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2017-16946

    The admin_edit function in app/Controller/UsersController.php in MISP 2.4.82 mishandles the enable_password field, which allows admins to discover a hashed password by reading the audit log.... Read more

    Affected Products : misp misp
    • EPSS Score: %0.30
    • Published: Nov. 25, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17774

    admin/configuration.php in Piwigo 2.9.2 has CSRF.... Read more

    Affected Products : piwigo
    • EPSS Score: %0.12
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.3

    MEDIUM
    CVE-2017-11348

    In Octopus Deploy 3.x before 3.15.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted NuGet package, potentially overwriting other packages or modifying system files. This is a directory traversal in ... Read more

    Affected Products : octopus_deploy octopus_server
    • EPSS Score: %0.63
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292508 Results