Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-8713

    A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a... Read more

    Affected Products : nitro_pdf_pro
    • EPSS Score: %0.02
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5942

    An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail.... Read more

    Affected Products : wp_mail
    • EPSS Score: %0.19
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-10216

    An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examples_support/edita... Read more

    Affected Products : it_items_database
    • EPSS Score: %0.33
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-5858

    An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks.... Read more

    Affected Products : converse.js
    • EPSS Score: %0.25
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-5606

    An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks.... Read more

    Affected Products : xabber
    • EPSS Score: %0.38
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-5634

    The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows physically proximate attackers to bypass the intended "Please select booking identification" UI step, and obtain administrative privileges and network access on the underlying Windows OS, ... Read more

    Affected Products : norwegian_air_kiosk
    • EPSS Score: %0.06
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2017-0451

    An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. P... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.09
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5726

    Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the themechanges array parameter.... Read more

    Affected Products : simple_machines_forum
    • EPSS Score: %0.84
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-4988

    Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer plugin before 1.16.0 in Jenkins allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.... Read more

    Affected Products : build_failure_analyzer
    • EPSS Score: %0.10
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2015-6024

    ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter.... Read more

    Affected Products : hspa_3g10wve_firmware hspa_3g10wve
    • EPSS Score: %45.77
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-6023

    ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execut... Read more

    Affected Products : hspa_3g10wve_firmware hspa_3g10wve
    • EPSS Score: %5.02
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5902

    IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted ses... Read more

    • EPSS Score: %0.32
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-5900

    IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obtain sensitive information, caused by the failure to properly validate the TLS certificate. An attacker could exploit this vulnerability to obtain sensitive... Read more

    • EPSS Score: %0.12
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-0307

    IBM Connections 5.5 and earlier allows remote attackers to obtain sensitive information by reading stack traces in returned responses.... Read more

    Affected Products : connections
    • EPSS Score: %0.26
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-0305

    IBM Connections is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security c... Read more

    Affected Products : connections
    • EPSS Score: %0.16
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-0214

    IBM Tivoli Endpoint Manager could allow a remote attacker to upload arbitrary files. A remote attacker could exploit this vulnerability to upload a malicious file. The only way that file would be executed would be through a phishing attack to trick an uns... Read more

    Affected Products : bigfix_platform
    • EPSS Score: %0.48
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2016-4865

    Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 allows attackers with administrator rights to inject arbitrary web script or HTML via the Customapp function.... Read more

    Affected Products : office
    • EPSS Score: %0.40
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.9

    MEDIUM
    CVE-2015-8780

    Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.... Read more

    Affected Products : kies
    • EPSS Score: %0.06
    • Published: Apr. 13, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7878

    SQL Injection vulnerability in flatCore version 1.4.6 allows an attacker to read and write to the users database.... Read more

    Affected Products : flatcore-cms
    • EPSS Score: %0.23
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7696

    SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote attackers to cause a denial of service (memory consumption) via large values in the width and height parameters to otp_logon_ui_resources/qr, aka SAP Security Note 2389042.... Read more

    Affected Products : sso_authentication_library
    • EPSS Score: %1.79
    • Published: Apr. 14, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292238 Results