Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-6668

    The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to o... Read more

    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-1281

    Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Tro... Read more

    Affected Products : veracrypt truecrypt
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-6521

    Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code vi... Read more

    Affected Products : grails
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-6484

    CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.... Read more

    Affected Products : netmri
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2014-8362

    Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface.... Read more

    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5182

    Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure. This vulnerability is present on all... Read more

    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2016-9870

    EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious use... Read more

    Affected Products : isilon_onefs isilon_onefs
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6253

    mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox.... Read more

    Affected Products : netbsd
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-10143

    A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.... Read more

    Affected Products : tikiwiki_cms\/groupware
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-3999

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703.... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3413

    Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect integrity via unknown vectors, aka bug 103996.... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-3409

    Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 102637.... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3402

    Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to affect confidentiality via unknown vectors, aka bug 99167.... Read more

    Affected Products : zimbra_collaboration_suite
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-6526

    The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.... Read more

    Affected Products : samsung_mobile
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-8684

    Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with a... Read more

    Affected Products : exponent_cms
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-5521

    An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000 devices. They are prone to password disclosure via simple crafted requests to the web management server. The bug... Read more

    • Actively Exploited
    • Published: Jan. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-5520

    The media rename feature in GeniXCMS through 0.0.8 does not consider alternative PHP file extensions when checking uploaded files for PHP content, which enables a user to rename and execute files with the `.php6`, `.php7` and `.phtml` extensions.... Read more

    Affected Products : genixcms
    • Published: Jan. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5517

    SQL injection vulnerability in author.control.php in GeniXCMS through 0.0.8 allows remote attackers to execute arbitrary SQL commands via the type parameter.... Read more

    Affected Products : genixcms
    • Published: Jan. 17, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-8204

    A Directory Traversal vulnerability in FileReceiveServlet in the Brocade Network Advisor versions released prior to and including 14.0.2 could allow remote attackers to upload a malicious file in a section of the file system where it can be executed.... Read more

    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2016-8201

    A CSRF vulnerability in Brocade Virtual Traffic Manager versions released prior to and including 11.0 could allow an attacker to trick a logged-in user into making administrative changes on the traffic manager cluster.... Read more

    Affected Products : virtual_traffic_manager
    • Published: Jan. 14, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293280 Results