Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.3

    MEDIUM
    CVE-2017-1520

    IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized command that allows the database to be activated when authentication type is CLIENT. IBM X-Force ID: 129830.... Read more

    Affected Products : linux_kernel db2 windows db2_connect
    • Published: Sep. 12, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2017-15053

    TeamPass before 2.1.27.9 does not properly enforce manager access control when requesting roles.queries.php. It is then possible for a manager user to modify any arbitrary roles within the application, or delete any arbitrary role. To exploit the vulnerab... Read more

    Affected Products : teampass
    • Published: Nov. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2015-3656

    Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authorization checks.... Read more

    Affected Products : clearpass
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-1491

    IBM QRadar Network Security 5.4 supports interaction between multiple actors and allows those actors to negotiate which algorithm should be used as a protection mechanism such as encryption or authentication, but it does not select the strongest algorithm... Read more

    Affected Products : qradar_network_security
    • Published: Sep. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-14838

    TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.... Read more

    Affected Products : job_links
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-3302

    The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."... Read more

    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-14711

    The Kickbase GmbH "Kickbase Bundesliga Manager" app before 2.2.1 -- aka kickbase-bundesliga-manager/id678241305 -- for iOS is vulnerable to a credentials leak due to transmitting a username and password in cleartext from client to server during registrati... Read more

    Affected Products : bundesliga_manager
    • Published: Nov. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14551

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .djvu file, related to "Data from Faulting Address controls Branch Selection starting at STDUDjVuFile!DllUnregisterServer+0x000000000... Read more

    Affected Products : stdu_viewer
    • Published: Sep. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2015-3162

    Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job.... Read more

    Affected Products : beaker
    • Published: Sep. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14498

    SilverStripe CMS before 3.6.1 has XSS via an SVG document that is mishandled by (1) the Insert Media option in the content editor or (2) an admin/assets/add pathname, as demonstrated by the admin/pages/edit/EditorToolbar/MediaForm/field/AssetUploadField/u... Read more

    Affected Products : silverstripe
    • Published: Sep. 15, 2017
    • Modified: Apr. 20, 2025

  • 7.4

    HIGH
    CVE-2015-2988

    Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks.... Read more

    Affected Products : rakuten_card
    • Published: Oct. 10, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-0206

    IBM Cloud Orchestrator could allow a local authenticated attacker to cause the server to slow down for a short period of time by using a specially crafted and malformed URL.... Read more

    Affected Products : cloud_orchestrator
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14305

    STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address controls Branch Selection starting at STDUJBIG2File!DllUnregisterServer+0x000000000... Read more

    Affected Products : stdu_viewer
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-2882

    Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a password of M100-4674448 for the backdoor user account, and a ... Read more

    Affected Products : in.sight_b120\\37
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14281

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call ... Read more

    Affected Products : xnview windows
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14279

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005643."... Read more

    Affected Products : xnview windows
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-14276

    XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to "Possible Stack Corruption starting at jbig2dec+0x0000000000002fbe."... Read more

    Affected Products : xnview windows
    • Published: Sep. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14147

    An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi & execute it. D... Read more

    • Published: Sep. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-14145

    HelpDEZk 1.1.1 has SQL Injection in app\modules\admin\controllers\loginController.php via the admin/login/getWarningInfo/id/ PATH_INFO, related to the selectWarning function.... Read more

    Affected Products : helpdezk
    • Published: Sep. 05, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-14127

    Command Injection in the Ping Module in the Web Interface on Technicolor TD5336 OI_Fw_v7 devices allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the pingAddr parameter to mnt_ping.cgi.... Read more

    Affected Products : td5336_firmware td5336
    • Published: Sep. 04, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293351 Results