Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 7.5

    HIGH
    CVE-2015-5183

    Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.

    • EPSS Score: %0.40
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-7731

    A weak password recovery vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows attacker to carry out information disclosure via the Forgotten Password feature.

    Affected Products : fortiportal
    • EPSS Score: %0.26
    • Published: May. 27, 2017
    • Modified: Apr. 20, 2025
  • 8.6

    HIGH
    CVE-2017-7569

    In vBulletin before 5.3.0, remote attackers can bypass the CVE-2016-6483 patch and conduct SSRF attacks by leveraging the behavior of the PHP parse_url function, aka VBV-17037.

    Affected Products : vbulletin
    • EPSS Score: %0.40
    • Published: Apr. 06, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-7556

    Hawtio versions up to and including 1.5.3 are vulnerable to CSRF vulnerability allowing remote attackers to trick the user to visit their website containing a malicious script which can be submitted to hawtio server on behalf of the user.

    Affected Products : hawtio
    • EPSS Score: %0.25
    • Published: Aug. 17, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-7456

    Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.

    Affected Products : mxview
    • EPSS Score: %28.88
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-7450

    AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated access to a big part of the management interface. It is possible to extract all information including the Wi-Fi password, reboot, or force a software update at an arbitrary time.

    Affected Products : hdmi_dongle_firmware hdmi_dongle
    • EPSS Score: %0.33
    • Published: Apr. 05, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-7402

    Pixie 1.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via the POST data in an admin/index.php?s=publish&x=filemanager request for a filename with a double extension, such as a .jpg.php file with Content-Type of image/jpeg.

    Affected Products : pixie pixie
    • EPSS Score: %9.32
    • Published: Apr. 03, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-7391

    A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The vulnerability exists due to insufficient filtration of user-supplied data (prefix) passed to the 'magmi-git-master/magmi/web/ajax_gettime.php' URL. An attacker could execute arbitrary HTML...

    Affected Products : magmi
    • EPSS Score: %8.89
    • Published: Apr. 01, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-7366

    In all Android releases from CAF using the Linux kernel, a KGSL ioctl was not validating all of its parameters.

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    HIGH
    CVE-2017-18001

    Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote attackers to append an arbitrary public key to the device's SSH Authorized Keys data, and consequently obtain remote root access, via the publicKey parameter to the /sendKey URI.

    Affected Products : secure_web_gateway
    • EPSS Score: %20.85
    • Published: Dec. 31, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-17995

    Biometric Shift Employee Management System has XSS via the Last_Name parameter in an index.php?user=ajax request.

    • EPSS Score: %0.21
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-17992

    Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.

    • EPSS Score: %0.79
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-17990

    Biometric Shift Employee Management System has CSRF via index.php in an edit_holiday action.

    • EPSS Score: %0.13
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025
  • 4.8

    MEDIUM
    CVE-2017-17985

    PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter.

    Affected Products : muslim_matrimonial_script
    • EPSS Score: %0.22
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-17931

    PHP Scripts Mall Resume Clone Script has SQL Injection via the forget.php username parameter.

    Affected Products : resume_clone_script
    • EPSS Score: %0.25
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-17907

    PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.

    Affected Products : car_rental_script
    • EPSS Score: %0.24
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025
  • 4.7

    MEDIUM
    CVE-2017-6883

    The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vuln...

    Affected Products : foxit_reader phantompdf windows
    • EPSS Score: %0.11
    • Published: Mar. 14, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-17875

    The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the id parameter in a view=category action.

    Affected Products : jextn_faq_pro
    • EPSS Score: %1.41
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-17737

    The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and below) has XSS via the REF parameter to /network_diagnostics.html or /storage_info.html.

    Affected Products : 4k242_firmware 4k242
    • EPSS Score: %0.34
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-17731

    DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to plus/recommend.php.

    Affected Products : dedecms
    • EPSS Score: %86.44
    • Published: Dec. 18, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291812 Results