Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-1002153

    Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.... Read more

    Affected Products : koji
    • EPSS Score: %0.32
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2015-5246

    The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory.... Read more

    Affected Products : foreman
    • EPSS Score: %0.66
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-2297

    nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header.... Read more

    Affected Products : libcsoap
    • EPSS Score: %0.56
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-2158

    Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file.... Read more

    Affected Products : pngcrush
    • EPSS Score: %0.41
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-1206

    Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file.... Read more

    Affected Products : chrome
    • EPSS Score: %0.25
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-13998

    An Insufficiently Protected Credentials issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not sufficiently protect sensitive information from unauthorized access.... Read more

    Affected Products : lvis-3me_firmware lvis-3me
    • EPSS Score: %0.45
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-13994

    A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The web interface lacks proper web request validation, which could allow XSS attacks to occur if an authenticated user of the web interface is tricked into clicking a ... Read more

    Affected Products : lvis-3me_firmware lvis-3me
    • EPSS Score: %0.26
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-13992

    An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME versions prior to 6.2.0. The application does not utilize sufficiently random number generation for the web interface authentication mechanism, which could allow remote code execution.... Read more

    Affected Products : lvis-3me_firmware lvis-3me
    • EPSS Score: %8.28
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-2880

    An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execution. An attacker can send specific .GIF file to trigger... Read more

    Affected Products : photoline
    • EPSS Score: %0.61
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-12106

    A memory corruption vulnerability exists in the .TGA parsing functionality of Computerinsel Photoline 20.02. A specially crafted .TGA file can cause an out of bounds write resulting in potential code execution. An attacker can send a specific .TGA file to... Read more

    Affected Products : photoline
    • EPSS Score: %0.39
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1522

    IBM Content Navigator & CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclo... Read more

    Affected Products : content_navigator
    • EPSS Score: %0.20
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-1378

    IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) disclosed unencrypted login credentials to Vmware vCenter in the application trace output which could be obtained by a local user. IBM X-Force ID: 126875.... Read more

    • EPSS Score: %0.04
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-1301

    IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to launch a symlink attack. IBM Spectrum Protect Backup-archive Client creates temporary files insecurely. A local attacker could exploit this vulnerability by creating a symbolic link from a t... Read more

    • EPSS Score: %0.10
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-8937

    The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) default authentication protocol is vulnerable to a brute force attack due to disclosing too much information during authentication. An attacker could gain user or administrative access to t... Read more

    • EPSS Score: %0.23
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-14354

    A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting.... Read more

    Affected Products : ucmdb_foundation_software
    • EPSS Score: %0.48
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-12270

    A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco Network Convergence System (NCS) 5500 Series Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the emsd service stops. The vulnerab... Read more

    Affected Products : ios_xr carrier_routing_system
    • EPSS Score: %0.89
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12265

    A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface o... Read more

    Affected Products : adaptive_security_appliance
    • EPSS Score: %0.17
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-12263

    A vulnerability in the web interface of Cisco License Manager software could allow an unauthenticated, remote attacker to download and view files within the application that should be restricted, aka Directory Traversal. The issue is due to improper sanit... Read more

    Affected Products : license_manager
    • EPSS Score: %33.40
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-12256

    A vulnerability in the Akamai Connect feature of Cisco Wide Area Application Services (WAAS) Appliances could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition on an affected device. The vulnerability is due to certain... Read more

    Affected Products : wide_area_application_services
    • EPSS Score: %0.31
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-13993

    An Uncontrolled Search Path or Element issue was discovered in i-SENS SmartLog Diabetes Management Software, Version 2.4.0 and prior versions. An uncontrolled search path element vulnerability has been identified which could be exploited by placing a spec... Read more

    • EPSS Score: %0.15
    • Published: Oct. 05, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291946 Results