Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-9415

    Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.... Read more

    Affected Products : subsonic
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-5300

    The panic_gate check in NTP before 4.2.8p5 is only re-enabled after the first change to the system clock that was greater than 128 milliseconds by default, which allows remote attackers to set NTP to an arbitrary time when started with the -g option, or t... Read more

    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-5219

    The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not properly perform type conversions from a precision value to a double, which allows remote attackers to cause a denial of service (infinite loop) via a crafted NTP packet.... Read more

    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-5195

    ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers to cause a denial of service (segmentation fault) via a crafted statistics or filegen configuration command that is not enabled during compilation.... Read more

    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-5194

    The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.... Read more

    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-4639

    Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, and 3.20.x before 3.20.1 allows remote attackers to inject arbitrary web script or HTML via a crafted list name.... Read more

    Affected Products : koha
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-3932

    Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.... Read more

    Affected Products : mokka
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-3931

    Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Object.... Read more

    Affected Products : e-szigno
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-3886

    libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors.... Read more

    Affected Products : libinfinity
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-3640

    phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, which allows remote authenticated users with knowledge of a web-accessible and web-writeable directory on the target system to inject and execute arbitrary PH... Read more

    Affected Products : phpmybackuppro
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-3639

    phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file.... Read more

    Affected Products : phpmybackuppro
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-3638

    phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users to execute arbitrary PHP code by injecting scripts via the path, filename, and period parameters to scheduled.php, and making requests to injected scripts, ... Read more

    Affected Products : phpmybackuppro
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-3421

    The eshop_checkout function in checkout.php in the Wordpress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure atta... Read more

    Affected Products : eshop
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-3198

    The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL.... Read more

    Affected Products : jboss_wildfly_application_server
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-3170

    selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial of service (SSH login prevention) by creating a hardlink to /etc/passwd from a directory named .config, and updating selinux-policy.... Read more

    Affected Products : selinux
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-1323

    The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, before 1.1.1+bzr980-0ubuntu1.1 as packaged in Ubuntu 14.10, before 1.1.1-1ubuntu5.2 as packaged in Ubuntu 14.04 LTS, before 0.43+bzr805-0ubuntu10 as packaged... Read more

    Affected Products : ubuntu_linux
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9980

    In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the "PING" (aka tag_ipPing) feature within the web interface allows performing command injection, via the "pip" parameter.... Read more

    Affected Products : dx-350_firmware dx-350
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9932

    Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a default password of admin for the admin account.... Read more

    Affected Products : dx-350_firmware dx-350
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9931

    Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by the action parameter to ajax.cgi.... Read more

    Affected Products : dx-350_firmware dx-350
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9930

    Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, as demonstrated by a request to ajax.cgi that enables UPnP.... Read more

    Affected Products : dx-350_firmware dx-350
    • Published: Jul. 21, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294842 Results