Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.3

    HIGH
    CVE-2017-6351

    The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with th...

    Affected Products : wipg-1500_firmware wipg-1500
    • EPSS Score: 16.70%
    • Published: Mar. 06, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-1245

    IBM Rational Software Architect Design Manager 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ...

    • EPSS Score: 0.20%
    • Published: Jul. 24, 2017
    • Modified: Apr. 20, 2025
  • 7.6

    HIGH
    CVE-2016-8417

    An elevation of privilege vulnerability in the Qualcomm camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privilege...

    Affected Products : android linux_kernel
    • EPSS Score: 0.24%
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025
  • 8.5

    HIGH
    CVE-2016-9727

    IBM QRadar 7.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM Reference #: 1999...

    • EPSS Score: 0.38%
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2016-7784

    SQL injection vulnerability in the getSection function in framework/core/subsystems/expRouter.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter.

    Affected Products : exponent_cms
    • EPSS Score: 0.59%
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2016-7780

    SQL injection vulnerability in cron/find_help.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.

    Affected Products : exponent_cms
    • EPSS Score: 0.59%
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2016-6350

    OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (NULL pointer dereference and panic) via a sysctl call with a path starting with 10,9.

    Affected Products : openbsd openbsd
    • EPSS Score: 0.14%
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2016-6245

    OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (kernel panic) via a large size in a getdents system call.

    Affected Products : openbsd openbsd
    • EPSS Score: 0.04%
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-4949

    Cloudera Manager 5.5 and earlier allows remote attackers to obtain sensitive information via a (1) stderr.log or (2) stdout.log value in the filename parameter to /cmf/process/<process_id>/logs.

    Affected Products : manager
    • EPSS Score: 0.61%
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-6416

    An issue was discovered in SysGauge 1.5.18. A buffer overflow vulnerability in SMTP connection verification leads to arbitrary code execution. The attack vector is a crafted SMTP daemon that sends a long 220 (aka "Service ready") string.

    Affected Products : sysgauge
    • EPSS Score: 64.64%
    • Published: Mar. 06, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-6486

    A Cross-Site Scripting (XSS) issue was discovered in reasoncms before 4.7.1. The vulnerability exists due to insufficient filtration of user-supplied data (nyroModalSel) passed to the "reasoncms-master/www/nyroModal/demoSent.php" URL. An attacker could ex...

    Affected Products : reasoncms
    • EPSS Score: 0.26%
    • Published: Mar. 05, 2017
    • Modified: Apr. 20, 2025
  • 4.3

    MEDIUM
    CVE-2017-5866

    The autocomplete feature in the E-Mail share dialog in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows remote authenticated users to obtain sensitive information via unspecified vectors.

    Affected Products : owncloud
    • EPSS Score: 0.15%
    • Published: Mar. 03, 2017
    • Modified: Apr. 20, 2025
  • 5.9

    MEDIUM
    CVE-2016-9892

    The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof...

    • EPSS Score: 0.20%
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025
  • 7.2

    HIGH
    CVE-2017-5230

    The Java keystore in all versions and editions of Rapid7 Nexpose prior to 6.4.50 is encrypted with a static password of 'r@p1d7k3y5t0r3' which is not modifiable by the user. The keystore provides storage for saved scan credentials in an otherwise secure l...

    Affected Products : nexpose
    • EPSS Score: 0.44%
    • Published: Mar. 02, 2017
    • Modified: Apr. 20, 2025
  • 7.1

    HIGH
    CVE-2016-9992

    IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM Referen...

    Affected Products : kenexa_lcms_premier
    • EPSS Score: 0.16%
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-5502

    libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via vectors involving left shift of a negative value.

    Affected Products : jasper
    • EPSS Score: 0.21%
    • Published: Mar. 01, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2016-4042

    Plone 3.3 through 5.1a1 allows remote attackers to obtain information about the ID of sensitive content via unspecified vectors.

    Affected Products : plone
    • EPSS Score: 0.23%
    • Published: Feb. 24, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-6099

    Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in PayPal PHP Merchant SDK (aka merchant-sdk-php) 3.9.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter.

    Affected Products : merchant-sdk-php
    • EPSS Score: 0.23%
    • Published: Feb. 24, 2017
    • Modified: Apr. 20, 2025
  • 8.1

    HIGH
    CVE-2016-8974

    IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume al...

    Affected Products : rational_rhapsody_design_manager
    • EPSS Score: 0.38%
    • Published: Feb. 23, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-6206

    D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Information Disclosure attacks via unspecified vectors.

    • EPSS Score: 46.43%
    • Published: Feb. 23, 2017
    • Modified: Apr. 20, 2025