Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-5241

    Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a ... Read more

    Affected Products : secure_file_transfer
    • EPSS Score: %0.39
    • Published: Jun. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9990

    Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.... Read more

    Affected Products : ffmpeg
    • EPSS Score: %0.97
    • Published: Jun. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9145

    TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.... Read more

    Affected Products : tikiwiki_cms\/groupware
    • EPSS Score: %0.24
    • Published: Jun. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-7781

    ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.... Read more

    Affected Products : manageengine_firewall_analyzer
    • EPSS Score: %6.72
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-2245

    Huawei Ascend P7 allows remote attackers to cause a denial of service (phone process crash).... Read more

    Affected Products : p7-l09_firmware p7-l09
    • EPSS Score: %0.32
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-1591

    The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.... Read more

    Affected Products : kamailio
    • EPSS Score: %0.06
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-8149

    OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files.... Read more

    Affected Products : defense4all
    • EPSS Score: %1.07
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2012-5010

    ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 9.4.x before 9.4.1 Interim, 9.2.x before 9.2.4 Interim, ASA 5510 Adaptive Security Appliance Adaptive Security Appliance (ASA) Software 8.4.x before 8.4.7 Interim, 8.2.x bef... Read more

    • EPSS Score: %0.32
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2004-2778

    Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted commands via navigating to the affected directories, or exec... Read more

    Affected Products : portage
    • EPSS Score: %0.05
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9982

    TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the ᗪ Unicode character followed by the ༿ Unicode character.... Read more

    Affected Products : teamspeak_client
    • EPSS Score: %1.54
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-1328

    IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to bypass security restrictions of the api, caused by improper handling of security policy. By crafting a suitable request, an attacker could exploit this vulnerability to bypass security and... Read more

    Affected Products : api_connect
    • EPSS Score: %0.28
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-9972

    IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the mi... Read more

    • EPSS Score: %0.26
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9738

    IBM QRadar 7.2 and 7.3 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 119783.... Read more

    • EPSS Score: %0.30
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2017-6662

    A vulnerability in the web-based user interface of Cisco Prime Infrastructure (PI) and Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker read and write access to information stored in the affected system as well as ... Read more

    • EPSS Score: %0.95
    • Published: Jun. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-6678

    A vulnerability in the ingress UDP packet processing functionality of Cisco Virtualized Packet Core-Distributed Instance (VPC-DI) Software 19.2 through 21.0 could allow an unauthenticated, remote attacker to cause both control function (CF) instances on a... Read more

    Affected Products : virtualized_packet_core
    • EPSS Score: %0.48
    • Published: Jun. 26, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-9807

    An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 open devices. The saveConfig function of "plugin/controllers/models/config.py" performs an eval() call on the contents of the "key" HTTP GET parameter. This allows an unauthenticated rem... Read more

    Affected Products : openwebif
    • EPSS Score: %14.04
    • Published: Jun. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9840

    Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload files of dangerous types, which can result in arbitrary code execution within the context of the vulnerable application.... Read more

    Affected Products : dolibarr_erp\/crm dolibarr
    • EPSS Score: %0.75
    • Published: Jun. 25, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-9833

    /cgi-bin/wapopen in Boa 0.94.14rc21 allows the injection of "../.." using the FILECAMERA variable (sent by GET) to read files with root privileges. NOTE: multiple third parties report that this is a system-integrator issue (e.g., a vulnerability on one ty... Read more

    Affected Products : boa
    • EPSS Score: %90.75
    • Published: Jun. 24, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-1349

    IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially sensitive information from HTTP sessions that could be read by a local user. IBM X-Force ID: 126525.... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.06
    • Published: Jun. 23, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-1347

    IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force... Read more

    Affected Products : sterling_b2b_integrator
    • EPSS Score: %0.62
    • Published: Jun. 23, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291918 Results