Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2017-3212

    The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : space_coast_credit_union
    • EPSS Score: %0.22
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8778

    GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.... Read more

    Affected Products : gitlab
    • EPSS Score: %0.07
    • Published: May. 04, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8763

    Cross-site scripting (XSS) vulnerability in modules/Base/Box/check_for_new_version.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URI that lacks the cid parameter.... Read more

    Affected Products : epesi
    • EPSS Score: %0.22
    • Published: May. 04, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-8762

    GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element.... Read more

    Affected Products : genixcms genixcms
    • EPSS Score: %0.32
    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-6628

    A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide Area Application Services (WAAS) 6.2.1, 6.2.1a, and 6.2.3a could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition where the WAN optimization could ... Read more

    Affected Products : wide_area_application_services
    • EPSS Score: %0.63
    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5481

    Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 allows remote authenticated users to gain privileges by leveraging a leak of an encrypted password during a web-console operation.... Read more

    Affected Products : officescan
    • EPSS Score: %0.48
    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5236

    Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 contain a DLL preloading vulnerability, wherein it is possible for the installer to load a malicious DLL located in the current working directory of the installer.... Read more

    Affected Products : appspider_pro
    • EPSS Score: %0.26
    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8458

    Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://[email protected]/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site.... Read more

    Affected Products : brave
    • EPSS Score: %0.45
    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10367

    In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, prior to 4.6.4.162391051, and 4.5.x without a certain 2016 security patch), an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP G... Read more

    Affected Products : opsview
    • EPSS Score: %52.47
    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2016-5810

    upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators to obtain sensitive password information via unspecified vectors.... Read more

    Affected Products : webaccess
    • EPSS Score: %25.40
    • Published: May. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-4467

    The C client and C-based client bindings in the Apache Qpid Proton library before 0.13.1 on Windows do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate wh... Read more

    Affected Products : qpid_proton
    • EPSS Score: %0.41
    • Published: May. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-4442

    The rack-mini-profiler gem before 0.10.1 for Ruby allows remote attackers to obtain sensitive information about allocated strings and objects by leveraging incorrect ordering of security checks.... Read more

    Affected Products : rack-mini-profiler
    • EPSS Score: %0.28
    • Published: May. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2015-8257

    The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.sht... Read more

    • EPSS Score: %19.13
    • Published: May. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-8388

    GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger MSG_USER_EMAIL_EXIST protection mechanism via a register.php?act=edit&id=1 request.... Read more

    Affected Products : genixcms genixcms
    • EPSS Score: %0.43
    • Published: May. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-8376

    GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator.... Read more

    Affected Products : genixcms genixcms
    • EPSS Score: %0.32
    • Published: May. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-8385

    Craft CMS before 2.6.2976 does not prevent modification of the URL in a forgot-password email message.... Read more

    Affected Products : craft_cms
    • EPSS Score: %0.28
    • Published: May. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-10351

    Telegram Desktop 0.10.19 uses 0755 permissions for $HOME/.TelegramDesktop, which allows local users to obtain sensitive authentication information via standard filesystem operations.... Read more

    Affected Products : telegram_desktop
    • EPSS Score: %0.05
    • Published: May. 01, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8081

    Poor cryptographic salt initialization in admin/inc/template_functions.php in GetSimple CMS 3.3.13 allows a network attacker to escalate privileges to an arbitrary user or conduct CSRF attacks via calculation of a session cookie or CSRF nonce.... Read more

    Affected Products : getsimple_cms
    • EPSS Score: %0.35
    • Published: Apr. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-8339

    PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a denial of service (BSoD) via a crafted DeviceIoControl request to \\.\PSMEMDriver.... Read more

    Affected Products : panda_antivirus
    • EPSS Score: %0.15
    • Published: Apr. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-7981

    Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 SyntaxHighlighter plugin. This occurs in the Project Wiki component because the proc_open PHP function is used within PhpWiki before 1.5.5 with a syntax value in its first argument, and an ... Read more

    Affected Products : tuleap phpwiki
    • EPSS Score: %25.73
    • Published: Apr. 29, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292048 Results