Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.8

    MEDIUM
    CVE-2018-0216

    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. The vu... Read more

    Affected Products : identity_services_engine
    • Published: Mar. 08, 2018
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2017-8650

    Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".... Read more

    Affected Products : edge windows_10
    • Published: Aug. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-7200

    An SSRF issue was discovered in OpenStack Glance before Newton. The 'copy_from' feature in the Image Service API v1 allowed an attacker to perform masked network port scans. With v1, it is possible to create images with a URL such as 'http://localhost:22'... Read more

    Affected Products : glance glance
    • Published: Mar. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-6932

    Drupal core 7.x versions before 7.57 has an external link injection vulnerability when the language switcher block is used. A similar vulnerability exists in various custom and contributed modules. This vulnerability could allow an attacker to trick users... Read more

    Affected Products : debian_linux drupal
    • Published: Mar. 01, 2018
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2017-6620

    A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation... Read more

    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-5782

    A missing HSTS Header vulnerability in HPE Matrix Operating Environment version v7.6 was found.... Read more

    Affected Products : matrix_operating_environment
    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-0234

    Due to an improper Initialization vulnerability on Juniper Networks Junos OS QFX5100-96S devices with QFX 5e Series image installed, ddos-protection configuration changes will not take effect beyond the default DDoS (Distributed Denial of Service) setting... Read more

    Affected Products : junos qfx5100-96s
    • Published: Apr. 22, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2017-3818

    A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device, aka a Malforme... Read more

    Affected Products : email_security_appliance_firmware
    • Published: Feb. 03, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-3827

    A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user fil... Read more

    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-3799

    A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection. More Information: CSCzu78401. Known Affected Releases: T28.1.... Read more

    Affected Products : webex_meeting_center
    • Published: Jan. 26, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-3515

    Vulnerability in the Oracle User Management component of Oracle E-Business Suite (subcomponent: User Name/Password Management). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploitable" vulnerability allows u... Read more

    Affected Products : e-business_suite user_management
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-3528

    Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Popup windows (lists of values, datepicker, etc.)). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily "exploita... Read more

    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-3255

    Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vuln... Read more

    Affected Products : jdeveloper
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2021-24166

    The wp_ajax_nf_oauth_disconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connec... Read more

    Affected Products : ninja_forms
    • Published: Apr. 05, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2017-10277

    Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Net). Supported versions that are affected are 6.9.9 and earlier. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple pr... Read more

    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2016-4323

    A directory traversal exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an overwrite of files. A malicious server or someone with access to the network traffic can provide a... Read more

    Affected Products : ubuntu_linux debian_linux pidgin
    • Published: Jan. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2016-3608

    Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.... Read more

    Affected Products : glassfish_server
    • Published: Jul. 21, 2016
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2015-6112

    SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure that a ser... Read more

    • Published: Nov. 11, 2015
    • Modified: Apr. 12, 2025

  • 5.8

    MEDIUM
    CVE-2021-24113

    Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability... Read more

    Affected Products : edge_chromium
    • Published: Feb. 25, 2021
    • Modified: Nov. 21, 2024

  • 5.8

    MEDIUM
    CVE-2021-24104

    Microsoft SharePoint Server Spoofing Vulnerability... Read more

    • Published: Mar. 11, 2021
    • Modified: Nov. 21, 2024
Showing 20 of 294848 Results