Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 6.1

    MEDIUM
    CVE-2016-7813

    Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the parameters hostname, database and username.... Read more

    Affected Products : deraemon-cms
    • EPSS Score: %0.32
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-7811

    Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.... Read more

    Affected Products : cg-wlr300nx_firmware cg-wlr300nx
    • EPSS Score: %0.07
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2016-7810

    Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : cg-wlr300nx_firmware cg-wlr300nx
    • EPSS Score: %0.47
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-7806

    I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : wfs-sr01_firmware wfs-sr01
    • EPSS Score: %11.02
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-7805

    The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate App for iOS version 2.2.4.1 and earlier do not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... Read more

    Affected Products : mobigate
    • EPSS Score: %0.26
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-7802

    Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %3.53
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4910

    Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to delete other operational administrators' MultiReport filters via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %0.15
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4909

    Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to hijack the authentication of a logged in user to force a logout via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %0.23
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-4908

    Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to bypass access restriction to alter or delete another user's private RSS settings via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %0.21
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4907

    Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %0.32
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-8987

    IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view.... Read more

    • EPSS Score: %0.21
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-6098

    IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.... Read more

    • EPSS Score: %0.14
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-3913

    The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message.... Read more

    • EPSS Score: %0.28
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-3634

    The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values.... Read more

    Affected Products : slideshow
    • EPSS Score: %2.07
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-5648

    Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which allows remote attackers to perform a Man-in-the-middle attack via a crafted SSL certificate.... Read more

    Affected Products : acer_portal
    • EPSS Score: %1.34
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2014-7919

    b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger a denial of service (null pointer dereference and process crash).... Read more

    Affected Products : android
    • EPSS Score: %0.31
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4471

    ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code.... Read more

    • EPSS Score: %1.64
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-3108

    The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows local users to leak the keys or write to arbitrary files via a symlink attack.... Read more

    Affected Products : pulp
    • EPSS Score: %0.04
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-2800

    The user authentication module in Huawei Campus switches S5700, S5300, S6300, and S6700 with software before V200R001SPH012 and S7700, S9300, and S9700 with software before V200R001SPH015 allows remote attackers to cause a denial of service (device restar... Read more

    • EPSS Score: %2.80
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 5.0

    MEDIUM
    CVE-2015-2253

    The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.... Read more

    • EPSS Score: %0.08
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292048 Results