Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2015-0928

    libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference).... Read more

    Affected Products : libhtp
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-0101

    Cross-site scripting (XSS) vulnerability in IBM Business Process Manager Standard 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; IBM Business Process Manager Express 7.5.x before 7.5, 8.0.x before 8.0.1, 8.5.x before 8.5.5; and IBM Business Pro... Read more

    Affected Products : business_process_manager
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2014-9514

    Cross-site scripting (XSS) vulnerability in BMC Footprints Service Core 11.5.... Read more

    Affected Products : footprints_service_core
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-8900

    Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode Release 6.0.1.6 and earlier, 6.1.0.7 and earlier, and 6.1.1.1 and earlier.... Read more

    Affected Products : urbancode_deploy
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2014-8871

    Directory traversal vulnerability in hybris Commerce software suite 5.0.3.3 and earlier, 5.0.0.3 and earlier, 5.0.4.4 and earlier, 5.1.0.1 and earlier, 5.1.1.2 and earlier, 5.2.0.3 and earlier, and 5.3.0.1 and earlier.... Read more

    Affected Products : hybris
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2014-4925

    Cross-site scripting (XSS) vulnerability in Good for Enterprise for Android 2.8.0.398 and 1.9.0.40.... Read more

    Affected Products : android good_for_enterprise
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12857

    Polycom SoundStation IP, VVX, and RealPresence Trio that are running software older than UCS 4.0.12, 5.4.5 rev AG, 5.4.7, 5.5.2, or 5.6.0 are affected by a vulnerability in their UCS web application. This vulnerability could allow an authenticated remote ... Read more

    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-12707

    A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow.... Read more

    Affected Products : scada_microbrowser
    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-7858

    The check_login function in D-Link DNR-326 before 2.10 build 03 allows remote attackers to bypass authentication and log in by setting the username cookie parameter to an arbitrary string.... Read more

    Affected Products : dnr-326_firmware dnr-326
    • Published: Aug. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-13686

    net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too late to check for a NULL fi field when RTM_F_FIB_MATCH is set, which allows local users to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact... Read more

    Affected Products : linux_kernel
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-8308

    LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections.... Read more

    Affected Products : lxdm
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9511

    The MultiPathResource class in Atlassian Fisheye and Crucible, before version 4.4.1 allows anonymous remote attackers to read arbitrary files via a path traversal vulnerability when Fisheye or Crucible is running on the Microsoft Windows operating system.... Read more

    Affected Products : crucible fisheye windows
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-13671

    app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent XSS via comments. It only impacts the users of the same instance because the comment field is not part of the MISP synchronisation.... Read more

    Affected Products : misp
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-13649

    UnrealIRCd 4.0.13 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script execut... Read more

    Affected Products : unrealircd
    • Published: Aug. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-13137

    The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the id parameter to form.php.... Read more

    Affected Products : formcraft formcraft
    • Published: Aug. 23, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-2102

    HAProxy statistics in openstack-tripleo-image-elements are non-authenticated over the network.... Read more

    Affected Products : haproxy
    • Published: Aug. 22, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2016-0202

    A vulnerability has been identified in tasks, backend object generated for handling any action performed by the application in IBM Cloud Orchestrator. It is possible for an authenticated user to view any task of the current users domain.... Read more

    Affected Products : cloud_orchestrator
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2015-7493

    IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information.... Read more

    Affected Products : infosphere_information_server
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-9748

    IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive information in error response messages that could be used for further attacks against the system.... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-2866

    An unspecified vulnerability in IBM Jazz Team Server may disclose some deployment information to an authenticated user.... Read more

    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292772 Results