Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-2174

    Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2173

    Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2171

    Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to ... Read more

    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2169

    Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : maxbuttons
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2168

    Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wp_booking_system
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-2162

    FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows default credentials to be set for wireless LAN connections to the product when enabling the PhotoSh... Read more

    Affected Products : flashair
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 3.5

    LOW
    CVE-2017-2161

    FlashAirTM SDHC Memory Card (SD-WE Series <W-03>) V3.00.02 and earlier and FlashAirTM SDHC Memory Card (SD-WD/WC Series <W-02>) V2.00.04 and earlier allows authenticated attackers to bypass access restrictions to obtain unauthorized image data via unspeci... Read more

    Affected Products : flashair
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-7804

    Untrusted search path vulnerability in 7 Zip for Windows 16.02 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : 7-zip
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-4905

    SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : wp-olivecart olivecart olivecartpro
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4904

    Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to perform unintended operations via unspecified vectors.... Read more

    Affected Products : wp-olivecart olivecart olivecartpro
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-4903

    Cross-site scripting vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wp-olivecart olivecart olivecartpro
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-4901

    Untrusted search path vulnerability in The installer of e-Tax Software all versions allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : e-tax
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-4900

    Untrusted search path vulnerability in Evernote for Windows versions prior to 6.3 allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : evernote
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4863

    The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware version 1.00.04 and later, FlashAir SD-WD/WC series Class 10 model W-02 with firmware version 2.00.02 and later, FlashAir SD-WE series Class 10 model W-03, FlashAir Class 6 model with firmwa... Read more

    Affected Products : flashair
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4854

    Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unspecified vectors.... Read more

    Affected Products : l-04d_firmware l-04d
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9144

    In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because of incorrect EOF handling in coders/rle.c.... Read more

    Affected Products : debian_linux imagemagick
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9143

    In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c allows attackers to cause a denial of service (memory leak) via a crafted .art file.... Read more

    Affected Products : debian_linux imagemagick
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9142

    In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the WriteBlob function in MagickCore/blob.c because of missing checks in the ReadOneJNGImage function in coders/png.c.... Read more

    Affected Products : debian_linux imagemagick
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9141

    In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion failure in the ResetImageProfileIterator function in MagickCore/profile.c because of missing checks in the ReadDDSImage function in coders/dds.c.... Read more

    Affected Products : debian_linux imagemagick
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-4916

    VMware Workstation Pro/Player contains a NULL pointer dereference vulnerability that exists in the vstor2 driver. Successful exploitation of this issue may allow host users with normal user privileges to trigger a denial-of-service in a Windows host machi... Read more

    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294522 Results