Latest CVE Feed

The following is the list of the latest published vulnerabilities. The list can be filtered by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. It can also be sorted by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2014-7859

    Stack-based buffer overflow in login_mgr.cgi in D-Link firmware DNR-320L and DNS-320LW before 1.04b08, DNR-322L before 2.10 build 03, DNR-326 before 2.10 build 03, and DNS-327L before 1.04b01 allows remote attackers to execute arbitrary code by crafting m...

    • EPSS Score: 11.42%
    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025
  • 9.0

    HIGH
    CVE-2014-5302

    Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 through v9.0 v9030; AssetExplorer v4 to v6.1; SupportCenter v5 to v7.9; IT360 v8 to v10.4 allows remote authenticated users to execute arbitrary code....

    • EPSS Score: 53.88%
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2015-9233

    The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has CSRF with resultant XSS, related to cp_contactformpp.php and cp_contactformpp_admin_int_list.inc.php....

    Affected Products : cp_contact_form_with_paypal
    • EPSS Score: 0.23%
    • Published: Sep. 30, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-12677

    IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an Angular expression on the authorize response page, which might allow remote attackers to obtain sensitive information about the IdentityServer authorization response....

    Affected Products : identityserver3
    • EPSS Score: 0.23%
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-12648

    XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL....

    Affected Products : liferay_portal
    • EPSS Score: 0.25%
    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-12620

    When loading models or dictionaries that contain XML, it is possible to perform an XXE attack. Since Apache OpenNLP is a library, this only affects applications that load models or dictionaries from untrusted sources. The versions 1.5.0 to 1.5.3, 1.6.0, 1....

    Affected Products : opennlp
    • EPSS Score: 1.02%
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2015-9069

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted....

    Affected Products : android
    • EPSS Score: 0.15%
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2015-9097

    The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring....

    Affected Products : mail
    • EPSS Score: 1.02%
    • Published: Jun. 12, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2015-9068

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated....

    Affected Products : android
    • EPSS Score: 0.15%
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2015-9042

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message....

    Affected Products : android
    • EPSS Score: 0.19%
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2015-8987

    Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to anot...

    Affected Products : agent
    • EPSS Score: 0.14%
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2017-0801

    An elevation of privilege vulnerability in the MediaTek libmtkomxvdec. Product: Android. Versions: Android kernel. Android ID: A-38447970. References: M-ALPS03337980....

    Affected Products : android
    • EPSS Score: 0.09%
    • Published: Sep. 08, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2013-7428

    The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php....

    Affected Products : googlemaps
    • EPSS Score: 1.40%
    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2017-0763

    A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693....

    Affected Products : android
    • EPSS Score: 0.21%
    • Published: Sep. 08, 2017
    • Modified: Apr. 20, 2025
  • 4.8

    MEDIUM
    CVE-2015-9230

    In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefix parameter....

    Affected Products : bulletproof_security
    • EPSS Score: 1.21%
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2015-4687

    Cross-site scripting (XSS) vulnerability in Ellucian (formerly SunGard) Banner Student 8.5.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....

    Affected Products : banner_student
    • EPSS Score: 0.20%
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-1002004

    Vulnerability in WordPress plugin DTracker v1.5: in file ./dtracker/download.php, user input via the id variable isn't sanitized before it is added to the end of an SQL query....

    Affected Products : dtracker
    • EPSS Score: 5.50%
    • Published: Sep. 14, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1345

    IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ...

    Affected Products : insights_foundation_for_energy
    • EPSS Score: 0.20%
    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025
  • 7.1

    HIGH
    CVE-2015-8678

    The ION driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with softw...

    Affected Products : mate_s_firmware p8_firmware p8 mate_s
    • EPSS Score: 0.12%
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-1000108

    The Pipeline: Input Step Plugin by default allowed users with Item/Read access to a pipeline to interact with the step to provide input. This has been changed, and now requires users to have the Item/Build permission instead....

    Affected Products : pipeline-input-step
    • EPSS Score: 0.08%
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025