Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2016-6114

    IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi... Read more

    Affected Products : emptoris_sourcing
    • EPSS Score: %0.27
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-7743

    XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.... Read more

    Affected Products : prtg_network_monitor
    • EPSS Score: %0.32
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-7664

    Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0.... Read more

    Affected Products : openmeetings
    • EPSS Score: %0.63
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-3221

    Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords.... Read more

    Affected Products : amosconnect_8 amosconnect
    • EPSS Score: %2.05
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7711

    Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter.... Read more

    Affected Products : atutor
    • EPSS Score: %0.91
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-2230

    Untrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    • EPSS Score: %0.39
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17959

    PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • EPSS Score: %0.25
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-7563

    Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.... Read more

    Affected Products : teampass
    • EPSS Score: %0.11
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2015-7785

    GANMA! App for iOS does not verify SSL certificates.... Read more

    Affected Products : ganma\!
    • EPSS Score: %0.30
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2015-7514

    OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information.... Read more

    Affected Products : ironic
    • EPSS Score: %0.19
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-14591

    Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software.... Read more

    Affected Products : crucible fisheye
    • EPSS Score: %0.65
    • Published: Nov. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-7294

    ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username.... Read more

    Affected Products : ldapauth-fork
    • EPSS Score: %1.32
    • Published: Sep. 06, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-7274

    Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands.... Read more

    • EPSS Score: %2.30
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.5

    HIGH
    CVE-2015-7257

    ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password change request, and changing the username parameter from "sup... Read more

    Affected Products : zxv10_w300 zxv10_w300_firmware
    • EPSS Score: %16.74
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-11516

    An XSS vulnerability exists in framework/views/errorHandler/exception.php in Yii Framework 2.0.12 affecting the exception screen when debug mode is enabled, because $exception->errorInfo is mishandled.... Read more

    Affected Products : yii
    • EPSS Score: %0.22
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-11501

    NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP ... Read more

    Affected Products : nixos
    • EPSS Score: %0.15
    • Published: Jul. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11494

    SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.... Read more

    • EPSS Score: %2.77
    • Published: Aug. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11459

    SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via an fget command or (2) write to arbitrary files and consequently execute arbitrary code via an fdir command, aka SAP Security Note 2419592.... Read more

    Affected Products : trex
    • EPSS Score: %2.12
    • Published: Jul. 25, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-6961

    Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the _next parameter to user/logout.... Read more

    Affected Products : web2py
    • EPSS Score: %0.23
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-2864

    An exploitable vulnerability exists in the generation of authentication token functionality of Circle with Disney. Specially crafted network packets can cause a valid authentication token to be returned to the attacker resulting in authentication bypass. ... Read more

    • EPSS Score: %0.50
    • Published: Nov. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291728 Results