Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2017-2187

    Cross-site scripting vulnerability in WP Live Chat Support prior to version 7.0.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : live_chat
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-2165

    GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors.... Read more

    Affected Products : groupsession
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-7833

    Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access restrictions to delete an arbitrary DBM (Cybozu Dezie proprietary format) file via unspecified vectors.... Read more

    Affected Products : dezie
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-7826

    Directory traversal vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to read arbitrary files via specially crafted POST requests.... Read more

    Affected Products : wnc01wh_firmware wnc01wh
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-7823

    Cross-site scripting vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wnc01wh_firmware wnc01wh
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-7817

    Cross-site scripting vulnerability in Simple keitai chat 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : simple_keitai_chat
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-7813

    Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username.... Read more

    Affected Products : deraemon-cms
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-7805

    The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... Read more

    Affected Products : mobigate
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-7802

    Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4909

    Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4907

    Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.... Read more

    Affected Products : garoon
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-6098

    IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-3634

    The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values.... Read more

    Affected Products : slideshow
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-5648

    Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.... Read more

    Affected Products : acer_portal
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-3108

    The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.... Read more

    Affected Products : pulp
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.0

    MEDIUM
    CVE-2015-2253

    The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.... Read more

    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-7346

    SQL injection vulnerability in ZCMS 1.1.... Read more

    Affected Products : zcms
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2014-9983

    Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.... Read more

    Affected Products : rar
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7966

    A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL.... Read more

    Affected Products : somachine
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-1125

    IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340.... Read more

    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292764 Results