Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 5.4

    MEDIUM
    CVE-2017-1132

    IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.27
    • Published: Jun. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-0897

    ExpressionEngine version 2.x < 2.11.8 and version 3.x < 3.5.5 create an object signing token with weak entropy. Successfully guessing the token can lead to remote code execution....

    Affected Products : expressionengine
    • EPSS Score: %0.75
    • Published: Jun. 22, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1096

    IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure wit...

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.27
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2016-9983

    IBM Sterling B2B Integrator Standard Edition 5.2 could allow an authenticated user with special privileges to view files that they should not have access to. IBM X-Force ID: 120275....

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.28
    • Published: Jun. 22, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2015-7898

    Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash)....

    Affected Products : samsung_mobile galaxy_s6
    • EPSS Score: %0.16
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-10673

    admin/profile.php in GetSimple CMS 3.x has XSS in a name field....

    Affected Products : getsimple_cms
    • EPSS Score: %0.24
    • Published: Jun. 29, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-10731

    IrfanView version 4.44 (32bit) allows attackers to execute arbitrary code or cause a denial of service via a crafted .rle file, related to a "User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d80."...

    Affected Products : irfanview
    • EPSS Score: %0.21
    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-0689

    A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36215950....

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jul. 06, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2016-6114

    IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure withi...

    Affected Products : emptoris_sourcing
    • EPSS Score: %0.27
    • Published: Jul. 12, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2015-7743

    XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file....

    Affected Products : prtg_network_monitor
    • EPSS Score: %0.32
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2017-7664

    Uploaded XML documents were not correctly validated in Apache OpenMeetings 3.1.0....

    Affected Products : openmeetings
    • EPSS Score: %0.63
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-3221

    Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords....

    Affected Products : amosconnect_8 amosconnect
    • EPSS Score: %2.05
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2015-7711

    Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the h parameter....

    Affected Products : atutor
    • EPSS Score: %0.91
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-2230

    Untrusted search path vulnerability in Douro Kouji Kanseizutou Check Program Ver3.1 (cdrw_checker_3.1.0.lzh) and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory....

    • EPSS Score: %0.39
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-17959

    PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the seller-view.php usid parameter....

    Affected Products : php_multivendor_ecommerce
    • EPSS Score: %0.25
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2015-7563

    Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user....

    Affected Products : teampass
    • EPSS Score: %0.11
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 5.9

    MEDIUM
    CVE-2015-7785

    GANMA! App for iOS does not verify SSL certificates....

    Affected Products : ganma\!
    • EPSS Score: %0.30
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2015-7514

    OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information....

    Affected Products : ironic
    • EPSS Score: %0.19
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2017-14591

    Atlassian Fisheye and Crucible versions less than 4.4.3 and version 4.5.0 are vulnerable to argument injection through filenames in Mercurial repositories, allowing attackers to execute arbitrary code on a system running the impacted software....

    Affected Products : crucible fisheye
    • EPSS Score: %0.65
    • Published: Nov. 29, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2015-7294

    ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted username....

    Affected Products : ldapauth-fork
    • EPSS Score: %1.32
    • Published: Sep. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291756 Results