Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-2151

    Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : booking_calendar
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-2150

    Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.... Read more

    Affected Products : booking_calendar
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2149

    Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Softwar... Read more

    Affected Products : flashair
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2148

    Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wn-ac1167gr_firmware wn-ac1167gr
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2147

    Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wp_statistics wp_statistics
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-2143

    CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php.... Read more

    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-2142

    Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : wn-g300r3_firmware wn-g300r3
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-2141

    WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : wn-g300r3_firmware wn-g300r3
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-2140

    Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be executed in the context of the application due to specially crafted directory.... Read more

    Affected Products : tablacus_explorer
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-2139

    CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction to obtain customer information via orders.pre.php.... Read more

    Affected Products : cs-cart
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-2137

    ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote attackers to bypass access restriction and change configurations of the switch via SOAP requests.... Read more

    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2136

    Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.... Read more

    Affected Products : wp_statistics wp_statistics
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2135

    Cross-site scripting vulnerability in WP Statistics version 12.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wp_statistics wp_statistics
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2134

    Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : assetbase
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-2130

    Untrusted search path vulnerability in the installer of PhishWall Client Internet Explorer version Ver. 3.7.13 and earlier allows remote attackers to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : phishwall_client
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-2128

    Security guide for website operators allows remote attackers to execute arbitrary OS commands via specially crafted saved data.... Read more

    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2127

    Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : yop_poll
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-2125

    Privilege escalation vulnerability in CentreCOM AR260S V2 remote authenticated attackers to gain privileges via the guest account.... Read more

    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2124

    Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php.... Read more

    Affected Products : onethird_cms onethird
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2123

    Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via language.php.... Read more

    Affected Products : onethird_cms onethird
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294155 Results