Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-5185

    A vulnerability was discovered in NetIQ Sentinel Server 8.0 before 8.0.1 that may allow remote denial of service.... Read more

    Affected Products : sentinel
    • EPSS Score: %0.56
    • Published: Mar. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7318

    Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command execution (RCE) vulnerability. This vulnerability allows a remote attacker to execute commands and retrieve information such as usernames and plaintext passwords from the device with ... Read more

    • EPSS Score: %10.09
    • Published: Mar. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-4977

    EMC RSA Archer Security Operations Management with RSA Unified Collector Framework versions prior to 1.3.1.52 contain a sensitive information disclosure vulnerability that could potentially be exploited by malicious users to compromise an affected system.... Read more

    • EPSS Score: %0.07
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-6846

    Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite backend before 7.6.2-rev59, 7.8.0 before 7.8.0-rev38, 7.8.2 before 7.8.2-rev8; AppSuite frontend before 7.6.2-rev47, 7.8.0 before 7.8.0-rev30, and 7.8.2 before 7.8.2-rev8; Office Web b... Read more

    • EPSS Score: %0.30
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2687

    Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the integrated web server at port 10000/TCP which is prone to reflected Cross-Site Scripting attacks if an unsuspecting user is induced to click on a malicious link.... Read more

    Affected Products : ruggedcom_rox_i
    • EPSS Score: %0.32
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7297

    Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.... Read more

    Affected Products : rancher rancher
    • EPSS Score: %0.60
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-0881

    An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from... Read more

    Affected Products : zulip_server
    • EPSS Score: %0.21
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-9472

    Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attac... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.36
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-9470

    Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machi... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.51
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.2

    HIGH
    CVE-2016-9469

    Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be e... Read more

    Affected Products : gitlab
    • EPSS Score: %0.14
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-9467

    Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake ... Read more

    Affected Products : owncloud nextcloud_server
    • EPSS Score: %1.04
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-9461

    Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated att... Read more

    Affected Products : owncloud nextcloud_server
    • EPSS Score: %0.76
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-9455

    Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.ph... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.13
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9124

    Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducin... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.35
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-1142

    IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attac... Read more

    Affected Products : kenexa_lcms_premier
    • EPSS Score: %0.18
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6069

    Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter.... Read more

    Affected Products : subrion_cms
    • EPSS Score: %0.21
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-6971

    AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault... Read more

    • EPSS Score: %36.32
    • Published: Mar. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6067

    Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.... Read more

    Affected Products : symphony symphony_cms
    • EPSS Score: %0.23
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6002

    Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.... Read more

    Affected Products : subrion_cms
    • EPSS Score: %0.13
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-6206

    Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet.... Read more

    Affected Products : ar3200_firmware ar3200
    • EPSS Score: %1.41
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292628 Results