Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2017-3222

    Hard-coded credentials in AmosConnect 8 allow remote attackers to gain full administrative privileges, including the ability to execute commands on the Microsoft Windows host platform with SYSTEM privileges by abusing AmosConnect Task Manager.... Read more

    Affected Products : amosconnect
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-3221

    Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote attackers to access user credentials, including user names and passwords.... Read more

    Affected Products : amosconnect_8 amosconnect
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-11521

    The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many media connections.... Read more

    Affected Products : debian_linux resiprocate
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10400

    Directory Traversal exists in ATutor before 2.2.2 via the icon parameter to /mods/_core/courses/users/create_course.php. The attacker can read an arbitrary file by visiting get_course_icon.php?id= after the traversal attack.... Read more

    Affected Products : atutor
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.1

    CRITICAL
    CVE-2017-2277

    WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.... Read more

    Affected Products : wg-c10_firmware wg-c10
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-2276

    Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.... Read more

    Affected Products : wg-c10_firmware wg-c10
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-2275

    WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : wg-c10_firmware wg-c10
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2274

    Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-2273

    Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-2126

    WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.... Read more

    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7540

    rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege e... Read more

    Affected Products : safemode
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7523

    Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileg... Read more

    Affected Products : cygwin
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7480

    rkhunter versions before 1.4.4 are vulnerable to file download over insecure channel when doing mirror update resulting into potential remote code execution.... Read more

    Affected Products : rootkit_hunter
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-11519

    passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.... Read more

    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-1381

    IBM WebSphere Application Server Proxy Server or On-demand-router (ODR) 7.0, 8.0, 8.5, 9.0 and could allow a local attacker to obtain sensitive information, caused by stale data being cached and then served. IBM X-Force ID: 127152.... Read more

    Affected Products : websphere_application_server
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-1374

    Sensitive data can be exposed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 that can lead to an attacker gaining unauthorized access to the system. IBM X-Force ID: 126867.... Read more

    Affected Products : tririga_application_platform
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-1373

    Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute a report they do not have access to. IBM X-Force ID: 126866.... Read more

    Affected Products : tririga_application_platform
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1372

    IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosu... Read more

    Affected Products : tririga_application_platform
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-1371

    Builder tools running in the IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 contains a vulnerability that could allow an authenticated user to execute Builder tool actions they do not have access to. IBM X-Force ID: 126864.... Read more

    Affected Products : tririga_application_platform
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-1267

    IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742.... Read more

    Affected Products : security_guardium
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294826 Results