Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-6484

    CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.... Read more

    Affected Products : netmri
    • EPSS Score: %0.44
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-8362

    Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface.... Read more

    • EPSS Score: %2.67
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5182

    Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all... Read more

    • EPSS Score: %0.99
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2016-9870

    EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious use... Read more

    Affected Products : isilon_onefs isilon_onefs
    • EPSS Score: %0.07
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6253

    mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.... Read more

    Affected Products : netbsd
    • EPSS Score: %14.96
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10143

    A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.... Read more

    Affected Products : tikiwiki_cms\/groupware
    • EPSS Score: %0.41
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-3999

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703.... Read more

    Affected Products : zimbra_collaboration_suite
    • EPSS Score: %0.44
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3413

    Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996.... Read more

    Affected Products : zimbra_collaboration_suite
    • EPSS Score: %1.24
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-3409

    Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637.... Read more

    Affected Products : zimbra_collaboration_suite
    • EPSS Score: %0.44
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3402

    Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167.... Read more

    Affected Products : zimbra_collaboration_suite
    • EPSS Score: %1.68
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-6526

    The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.... Read more

    Affected Products : samsung_mobile
    • EPSS Score: %0.13
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-8684

    Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with a... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.24
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-5521

    An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug... Read more

    • Actively Exploited
    • EPSS Score: %94.17
    • Published: Jan. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5520

    The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.... Read more

    Affected Products : genixcms
    • EPSS Score: %0.52
    • Published: Jan. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5517

    SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.... Read more

    Affected Products : genixcms
    • EPSS Score: %1.06
    • Published: Jan. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-8204

    A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.... Read more

    • EPSS Score: %71.34
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2016-8201

    A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.... Read more

    Affected Products : virtual_traffic_manager
    • EPSS Score: %0.14
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-3890

    A reflected cross-site scripting vulnerability in the BlackBerry WatchDox Server components Appliance-X, version 1.8.1 and earlier, and vAPP, versions 4.6.0 to 5.4.1, allows remote attackers to execute script commands in the context of the affected browse... Read more

    Affected Products : workspaces_vapp appliance-x
    • EPSS Score: %0.29
    • Published: Jan. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9882

    An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v250 and CAPI-release versions prior to v1.12.0. Cloud Foundry logs the credentials returned from service brokers in Cloud Controller system component logs. These logs are wr... Read more

    Affected Products : cf-release capi-release
    • EPSS Score: %0.37
    • Published: Jan. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-3130

    An information disclosure vulnerability in the Core and Management Console in BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to obtain local or domain credentials of an administrator or user account by sniffing traffic betwee... Read more

    Affected Products : enterprise_service
    • EPSS Score: %0.34
    • Published: Jan. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292714 Results