Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2017-6623

    A vulnerability in a script file that is installed as part of the Cisco Policy Suite (CPS) Software distribution for the CPS appliance could allow an authenticated, local attacker to escalate their privilege level to root. The vulnerability is due to inco... Read more

    Affected Products : policy_suite cisco_policy_suite
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-6622

    A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to bypass authentication and perform command injection with root privileges. The vulnerability is due to missing security const... Read more

    Affected Products : prime_collaboration_provisioning
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-6621

    A vulnerability in the web interface of Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to access sensitive data. The attacker could use this information to conduct additional reconnaissance attacks. The vulnerabilit... Read more

    Affected Products : prime_collaboration_provisioning
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-3980

    A directory traversal vulnerability in the ePO Extension in McAfee ePolicy Orchestrator (ePO) 5.9.0, 5.3.2, and 5.1.3 and earlier allows remote authenticated users to execute a command of their choice via an authenticated ePO session.... Read more

    Affected Products : epolicy_orchestrator
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9072

    Two CalendarXP products have XSS in common parts of HTML files. CalendarXP FlatCalendarXP through 9.9.290 has XSS in iflateng.htm and nflateng.htm. CalendarXP PopCalendarXP through 9.8.308 has XSS in ipopeng.htm and npopeng.htm.... Read more

    Affected Products : flatcalendarxp popcalendarxp
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2017-9071

    In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. This is exploitable only in conjunction with other issues such as Cache Poisoning.... Read more

    Affected Products : modx_revolution revolution
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-9070

    In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php.... Read more

    Affected Products : modx_revolution revolution
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9069

    In MODX Revolution before 2.5.7, a user with file upload permissions is able to execute arbitrary code by uploading a file with the name .htaccess.... Read more

    Affected Products : modx_revolution revolution
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9068

    In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter.... Read more

    Affected Products : modx_revolution revolution
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-9067

    In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is able to include and execute arbitrary files on the web server due to insufficient validation of the action parameter to setup/index.php, aka directory traversal.... Read more

    Affected Products : modx_revolution php revolution
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7503

    It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.... Read more

    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-9066

    In WordPress before 4.7.5, there is insufficient redirect validation in the HTTP class, leading to SSRF.... Read more

    Affected Products : debian_linux wordpress
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9065

    In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API.... Read more

    Affected Products : debian_linux wordpress
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9064

    In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials.... Read more

    Affected Products : debian_linux wordpress
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9063

    In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability related to the Customizer exists, involving an invalid customization session.... Read more

    Affected Products : debian_linux wordpress
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-9062

    In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API.... Read more

    Affected Products : debian_linux wordpress
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9061

    In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability exists when attempting to upload very large files, because the error message does not properly restrict presentation of the filename.... Read more

    Affected Products : debian_linux wordpress
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-7433

    An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe 4.0.2 and earlier allows a remote authenticated attacker to download arbitrary files from the server by submitting a specially crafted request to the viewFile endpoint. Note that the at... Read more

    Affected Products : vibe
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-9059

    The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel dae... Read more

    Affected Products : linux_kernel
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-9058

    In libytnef in ytnef through 1.9.2, there is a heap-based buffer over-read due to incorrect boundary checking in the SIZECHECK macro in lib/ytnef.c.... Read more

    Affected Products : ubuntu_linux ytnef
    • Published: May. 18, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294273 Results