Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.8

    MEDIUM
    CVE-2017-17929

    PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.... Read more

    Affected Products : professional_service_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-17927

    PHP Scripts Mall Professional Service Script allows remote attackers to obtain sensitive full-path information via a crafted PATH_INFO to service-list/category/.... Read more

    Affected Products : professional_service_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-17926

    PHP Scripts Mall Professional Service Script has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.... Read more

    Affected Products : professional_service_script
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17973

    In LibTIFF 4.0.8, there is a heap-based use-after-free in the t2p_writeproc function in tiff2pdf.c. NOTE: there is a third-party report of inability to reproduce this issue... Read more

    Affected Products : libtiff
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-17917

    SQL injection vulnerability in the 'where' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'id' parameter. NOTE: The vendor disputes this issue because the documentation states that this method i... Read more

    Affected Products : rails ruby_on_rails
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-17934

    ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, related to MSLPopImage and ProcessMSLScript, and associated with mishandling of MSLPushImage calls.... Read more

    Affected Products : ubuntu_linux imagemagick
    • Published: Dec. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-17920

    SQL injection vulnerability in the 'reorder' method in Ruby on Rails 5.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the 'name' parameter. NOTE: The vendor disputes this issue because the documentation states that this meth... Read more

    Affected Products : ruby_on_rails
    • Published: Dec. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17937

    Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search.... Read more

    Affected Products : marketplace_digital_products_php
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17936

    Vanguard Marketplace Digital Products PHP has CSRF via /search.... Read more

    Affected Products : marketplace_digital_products_php
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-17967

    pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote attackers to cause a denial of service via a crafted PPT file, aka CNVD-2017-35482.... Read more

    Affected Products : wps_office wps_office
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17954

    PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-17952

    PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.... Read more

    Affected Products : php_multivendor_ecommerce
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17951

    PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the shopping-cart.php cusid parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-17958

    PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter.... Read more

    Affected Products : php_multivendor_ecommerce
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-17975

    Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio re... Read more

    Affected Products : linux_kernel
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-17984

    PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter.... Read more

    Affected Products : muslim_matrimonial_script
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-17992

    Biometric Shift Employee Management System allows Arbitrary File Download via directory traversal sequences in the index.php form_file_name parameter in a download_form action.... Read more

    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-17989

    Biometric Shift Employee Management System has XSS via the index.php holiday_name parameter in an edit_holiday action.... Read more

    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-17982

    PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.... Read more

    Affected Products : muslim_matrimonial_script
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-18004

    Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.... Read more

    Affected Products : zurmo_crm
    • Published: Dec. 31, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294798 Results