Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-12698

    An Improper Authentication issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Specially crafted requests allow a possible authentication bypass that could allow remote code execution.... Read more

    Affected Products : webaccess
    • Published: Aug. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14283

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000008fe4."... Read more

    Affected Products : xnview windows
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-12730

    An Unquoted Search Path issue was discovered in mySCADA myPRO Versions 7.0.26 and prior. Application services utilize unquoted search path elements, which could allow an attacker to execute arbitrary code with elevated privileges.... Read more

    Affected Products : mypro
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2014-0208

    Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key name.... Read more

    Affected Products : foreman
    • Published: Oct. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12359

    A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player for Advanced Recording Format (.arf) files could allow an attacker to execute arbitrary code on a system. An attacker could exploit this vulnerability by providing a user with a malic... Read more

    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-12352

    A vulnerability in certain system script files that are installed at boot time on Cisco Application Policy Infrastructure Controllers could allow an authenticated, local attacker to gain elevated privileges and execute arbitrary commands with root privile... Read more

    • Published: Nov. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.2

    HIGH
    CVE-2017-12350

    A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and earlier could allow an authenticated, local attacker to log in to an affected virtual appliance with root privileges. The vulnerability is due to the presence of default, static user ... Read more

    • Published: Nov. 16, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17631

    Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the success-story.php succid parameter.... Read more

    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17622

    Online Exam Test Application Script 1.6 has SQL Injection via the exams.php sort parameter.... Read more

    • Published: Dec. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-1223

    IBM Tivoli Endpoint Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL display... Read more

    Affected Products : bigfix_platform
    • Published: Jul. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12139

    XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing MIME type validation in htdocs/class/uploader.php.... Read more

    Affected Products : xoops
    • Published: Aug. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8799

    Untrusted input execution via igetwild in all iRODS versions before 4.1.11 and 4.2.1 allows other iRODS users (potentially anonymous) to execute remote shell commands via iRODS virtual pathnames. To exploit this vulnerability, a virtual iRODS pathname tha... Read more

    Affected Products : irods
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8793

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. By sending a POST request to home/seos/courier/web/wmProgressstat.html.php with an attacker domain in the acallow parameter, the device will respond with an Access-Control-Allow-Origin ... Read more

    Affected Products : file_transfer_appliance
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8452

    Kibana versions prior to 5.2.1 configured for SSL client access, file descriptors will fail to be cleaned up after certain requests and will accumulate over time until the process crashes.... Read more

    Affected Products : kibana
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8304

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. courier/1000@/oauth/playground/callback.html allows XSS with a crafted URI.... Read more

    Affected Products : file_transfer_appliance
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-9408

    Cross-site scripting (XSS) vulnerability in the Mod control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving editing users.... Read more

    Affected Products : mybb merge_system
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5371

    Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422.... Read more

    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5197

    There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. The attack vector is a page name. An example payload is a crafted JavaScript event handler within a malformed SVG element.... Read more

    Affected Products : silverstripe
    • Published: Mar. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-7877

    Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : user_dashboard
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2014-9942

    In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist.... Read more

    Affected Products : android
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292803 Results