Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-5889

    IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 115085.... Read more

    Affected Products : interact
    • EPSS Score: %0.16
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-3032

    IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sessi... Read more

    Affected Products : cognos_analytics
    • EPSS Score: %0.24
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8874

    Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.... Read more

    Affected Products : mautic mautic
    • EPSS Score: %0.12
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7967

    All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the... Read more

    Affected Products : vampset
    • EPSS Score: %0.06
    • Published: May. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-3067

    Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms.... Read more

    Affected Products : experience_manager_forms
    • EPSS Score: %4.53
    • Published: May. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-6799

    Product: Apache Cordova Android 5.2.2 and earlier. The application calls methods of the Log class. Messages passed to these methods (Log.v(), Log.d(), Log.i(), Log.w(), and Log.e()) are stored in a series of circular buffers on the device. By default, a m... Read more

    Affected Products : cordova
    • EPSS Score: %0.46
    • Published: May. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-4982

    EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and 8.1.0 contains a fix for a privilege management vulnerability that could potentially be exploited by malicious users to compromise the affected system.... Read more

    • EPSS Score: %0.97
    • Published: May. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-0893

    Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a vulnerable JavaScript library for sanitizing untrusted user-input which suffered from a XSS vulnerability caused by a behaviour change in Safari 10.1 and 10.2. Note that Nextcloud employs... Read more

    Affected Products : nextcloud_server
    • EPSS Score: %0.25
    • Published: May. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-8209

    Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and rel... Read more

    • EPSS Score: %0.47
    • Published: May. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8848

    Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a password.... Read more

    Affected Products : allen_disk allendisk
    • EPSS Score: %0.10
    • Published: May. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8833

    Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: 1.6.0 is not an official release but the vendor's README.md file offers a link to v160.zip with a description of "Download latest in-development version from github."... Read more

    Affected Products : zen_cart
    • EPSS Score: %0.24
    • Published: May. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6031

    A Header Injection issue was discovered in Certec EDV GmbH atvise scada prior to Version 3.0. An "improper neutralization of HTTP headers for scripting syntax" issue has been identified, which may allow remote code execution.... Read more

    Affected Products : atvise_scada
    • EPSS Score: %1.17
    • Published: May. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-6877

    Citrix XenMobile Server before 10.5.0.24 allows man-in-the-middle attackers to trigger HTTP 302 redirections via vectors involving the HTTP Host header and a cached page. NOTE: the vendor reports "our internal analysis of this issue concluded that this w... Read more

    Affected Products : xenmobile_server
    • EPSS Score: %0.78
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8801

    Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build before 6152) and XG before CP 1352 has XSS via a crafted URI using a blocked website.... Read more

    Affected Products : officescan
    • EPSS Score: %0.33
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2016-9692

    IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-s... Read more

    Affected Products : websphere_cast_iron_solution
    • EPSS Score: %0.61
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8792

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. There is XSS in home/seos/courier/user_add.html with the param parameter.... Read more

    Affected Products : file_transfer_appliance
    • EPSS Score: %0.24
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-8303

    An issue was discovered on Accellion FTA devices before FTA_9_12_180. seos/1000/find.api allows Remote Code Execution with shell metacharacters in the method parameter.... Read more

    Affected Products : file_transfer_appliance
    • EPSS Score: %10.24
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-5919

    The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : 21st_century_insurance
    • EPSS Score: %0.12
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-5916

    The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    • EPSS Score: %0.12
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-5912

    The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : forextrader
    • EPSS Score: %0.12
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292048 Results