Latest CVE Feed
-
7.8 HIGH
CVE-2015-3932
Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.
Affected Products: mokka
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
7.8 HIGH
CVE-2015-3931
Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.
Affected Products: e-szigno
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
9.8 CRITICAL
CVE-2015-3886
libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.
Affected Products: libinfinity
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
7.5 HIGH
CVE-2015-3640
phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PH...
Affected Products: phpmybackuppro
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
8.8 HIGH
CVE-2015-3639
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file.
Affected Products: phpmybackuppro
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
8.8 HIGH
CVE-2015-3638
phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, ...
Affected Products: phpmybackuppro
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
6.1 MEDIUM
CVE-2015-3421
The eshop_checkout function in checkout.php in the WordPress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure atta...
Affected Products: eshop
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
7.5 HIGH
CVE-2015-3198
The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.
Affected Products: jboss_wildfly_application_server
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
5.5 MEDIUM
CVE-2015-3170
selinux-policy, when sysctl fs.protected_hardlinks is set to 0, allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.
Affected Products: selinux
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
5.5 MEDIUM
CVE-2015-1323
The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged...
Affected Products: ubuntu_linux
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
9.8 CRITICAL
CVE-2017-9980
In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter.
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
9.8 CRITICAL
CVE-2017-9932
Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account.
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
6.1 MEDIUM
CVE-2017-9931
Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi.
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
8.8 HIGH
CVE-2017-9930
Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP.
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
8.8 HIGH
CVE-2017-10993
Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to include and execute arbitrary local PHP files via a crafted parameter in a URL, aka Directory Traversal.
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025
-
6.1 MEDIUM
CVE-2017-11503
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.
Affected Products: phpmailer
- Published: Jul. 20, 2017
- Modified: Apr. 20, 2025
-
9.8 CRITICAL
CVE-2017-11502
Technicolor DPC3928AD DOCSIS devices allow remote attackers to read arbitrary files via a request starting with "GET /../" on TCP port 4321.
- Published: Jul. 20, 2017
- Modified: Apr. 20, 2025
-
5.9 MEDIUM
CVE-2017-11501
NixOS 17.03 and earlier has an unintended default absence of SSL Certificate Validation for LDAP. The users.ldap NixOS module implements user authentication against LDAP servers via a PAM module. It was found that if TLS is enabled to connect to the LDAP ...
Affected Products: nixos
- Published: Jul. 20, 2017
- Modified: Apr. 20, 2025
-
7.5 HIGH
CVE-2017-11468
Docker Registry before 2.6.2 in Docker Distribution does not properly restrict the amount of content accepted from a user, which allows remote attackers to cause a denial of service (memory consumption) via the manifest endpoint.
- Published: Jul. 20, 2017
- Modified: Apr. 20, 2025
-
7.5 HIGH
CVE-2017-11500
A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php.
Affected Products: metinfo
- Published: Jul. 20, 2017
- Modified: Apr. 20, 2025