Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-7297

    Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users disabling access control via an API call. This is fixed in versions rancher/server:v1.2.4, rancher/server:v1.3.5, rancher/server:v1.4.3, and rancher/server:v1.5.3.... Read more

    Affected Products : rancher rancher
    • EPSS Score: %0.60
    • Published: Mar. 29, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-0881

    An error in the implementation of an autosubscribe feature in the check_stream_exists route of the Zulip group chat application server before 1.4.3 allowed an authenticated user to subscribe to a private stream that should have required an invitation from... Read more

    Affected Products : zulip_server
    • EPSS Score: %0.21
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-9472

    Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The Revive Adserver web installer scripts were vulnerable to a reflected XSS attack via the dbHost, dbUser, and possibly other parameters. It has to be noted that the window for such attac... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.36
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-9470

    Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery/asyncspc.php` was vulnerable to the fairly new Reflected File Download (RFD) web attack vector that enables attackers to gain complete control over a victim's machi... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.51
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.2

    HIGH
    CVE-2016-9469

    Multiple versions of GitLab expose a dangerous method to any authenticated user that could lead to the deletion of all Issue and MergeRequest objects on a GitLab instance. For GitLab instances with publicly available projects this vulnerability could be e... Read more

    Affected Products : gitlab
    • EPSS Score: %0.14
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-9467

    Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake ... Read more

    Affected Products : owncloud nextcloud_server
    • EPSS Score: %1.04
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-9461

    Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on a WebDAV COPY action. This allowed an authenticated att... Read more

    Affected Products : owncloud nextcloud_server
    • EPSS Score: %0.76
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-9455

    Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/admin/banner-activate.php`, `www/admin/banner-advanced.ph... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.13
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9124

    Revive Adserver before 3.2.3 suffers from Improper Restriction of Excessive Authentication Attempts. The login page of Revive Adserver is vulnerable to password-guessing attacks. An account lockdown feature was considered, but rejected to avoid introducin... Read more

    Affected Products : revive_adserver
    • EPSS Score: %0.35
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-1142

    IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attac... Read more

    Affected Products : kenexa_lcms_premier
    • EPSS Score: %0.18
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6069

    Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any tag, and can optionally insert XSS via the tags parameter.... Read more

    Affected Products : subrion_cms
    • EPSS Score: %0.21
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-6971

    AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow remote authenticated users to execute arbitrary commands in a privileged context, or launch a reverse shell, via vectors involving the PHP session ID and the NfSen PHP code, aka AlienVault... Read more

    • EPSS Score: %36.32
    • Published: Mar. 22, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6067

    Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.... Read more

    Affected Products : symphony symphony_cms
    • EPSS Score: %0.23
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6002

    Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add any blog entry, and can optionally insert XSS into that entry via the body parameter.... Read more

    Affected Products : subrion_cms
    • EPSS Score: %0.13
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-6206

    Huawei AR3200 routers with software before V200R007C00SPC600 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted packet.... Read more

    Affected Products : ar3200_firmware ar3200
    • EPSS Score: %1.41
    • Published: Mar. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.6

    MEDIUM
    CVE-2017-6911

    USB Pratirodh is prone to sensitive information disclosure. It stores sensitive information such as username and password in simple usb.xml. An attacker with physical access to the system can modify the file according his own requirements that may aid in ... Read more

    Affected Products : usb_pratirodh
    • EPSS Score: %0.09
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-6191

    Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename.... Read more

    Affected Products : apng_disassembler
    • EPSS Score: %2.64
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-9169

    A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by ... Read more

    Affected Products : groupwise
    • EPSS Score: %0.44
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-5755

    NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking attacks due to a missing SAMEORIGIN filter in the "high encryption" setting.... Read more

    Affected Products : access_manager
    • EPSS Score: %0.13
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5747

    A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDirectory before 9.0.1 allows remote attackers to bypass intended access restrictions by leveraging predictable cookies.... Read more

    Affected Products : edirectory
    • EPSS Score: %0.33
    • Published: Mar. 23, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292714 Results