Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-10259

    Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Web Server Plugin). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access ... Read more

    Affected Products : coreid_access
    • EPSS Score: %2.12
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.6

    MEDIUM
    CVE-2017-10197

    Vulnerability in the Oracle Hospitality OPERA 5 Property Services component of Oracle Hospitality Applications (subcomponent: Folios). The supported version that is affected is 5.4.2.x through 5.5.1.x. Easily exploitable vulnerability allows physical acce... Read more

    • EPSS Score: %0.12
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-10164

    Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle PeopleSoft Products (subcomponent: Staffing Front Office). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network acce... Read more

    • EPSS Score: %0.22
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-10161

    Vulnerability in the Oracle Engineering Data Management component of Oracle Supply Chain Products Suite (subcomponent: Web Services Security). Supported versions that are affected are 6.1.3.0 and 6.2.2.0. Difficult to exploit vulnerability allows unauthen... Read more

    Affected Products : agile_engineering_data_management
    • EPSS Score: %0.41
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-10159

    Vulnerability in the Oracle Communications Policy Management component of Oracle Communications Applications (subcomponent: Portal, CMP). Supported versions that are affected are 11.5 and 12.x. Easily exploitable vulnerability allows unauthenticated attac... Read more

    Affected Products : communications_policy_management
    • EPSS Score: %0.46
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-10158

    Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Core). Supported versions that are affected are 8.54, 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with networ... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • EPSS Score: %0.46
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.5

    HIGH
    CVE-2017-10065

    Vulnerability in the Oracle Retail Point-of-Service component of Oracle Retail Applications (subcomponent: Security). Supported versions that are affected are 13.2, 13.3, 13.4, 14.0 and 14.1. Easily exploitable vulnerability allows low privileged attacker... Read more

    Affected Products : retail_point-of-service
    • EPSS Score: %0.25
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-10055

    Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Admin Graphical User Interface). The supported version that is affected is 7.0. Easily exploitable vulnerability allows unauthenticated attacker with netwo... Read more

    Affected Products : iplanet_web_server
    • EPSS Score: %0.45
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.1

    MEDIUM
    CVE-2017-10054

    Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMS). The supported version that is affected is 7.30.564.0. Easily exploitable vulnerability allows unauthenticated attacker wi... Read more

    • EPSS Score: %0.14
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12288

    A vulnerability in the web-based management interface of Cisco Unified Contact Center Express could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to ... Read more

    Affected Products : finesse
    • EPSS Score: %0.20
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 8.2

    HIGH
    CVE-2017-10026

    Vulnerability in the Oracle SOA Suite component of Oracle Fusion Middleware (subcomponent: Fabric Layer). The supported version that is affected is 11.1.1.7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP t... Read more

    Affected Products : soa_suite
    • EPSS Score: %1.65
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12296

    A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the affected system. The vulnerability is due to insufficient input validation of some paramete... Read more

    Affected Products : webex_meetings_server
    • EPSS Score: %0.23
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.4

    MEDIUM
    CVE-2017-12289

    A vulnerability in conditional, verbose debug logging for the IPsec feature of Cisco IOS XE Software could allow an authenticated, local attacker to display sensitive IPsec information in the system log file. The vulnerability is due to incorrect implemen... Read more

    Affected Products : ios_xe ios
    • EPSS Score: %0.08
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-12287

    A vulnerability in the cluster database (CDB) management component of Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS) Software could allow an authenticated, remote attacker to cause the CDB process on an affected s... Read more

    • EPSS Score: %0.50
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-12260

    A vulnerability in the implementation of Session Initiation Protocol (SIP) functionality in Cisco Small Business SPA50x, SPA51x, and SPA52x Series IP Phones could allow an unauthenticated, remote attacker to cause an affected device to become unresponsive... Read more

    • EPSS Score: %1.41
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2017-12251

    A vulnerability in the web console of the Cisco Cloud Services Platform (CSP) 2100 could allow an authenticated, remote attacker to interact maliciously with the services or virtual machines (VMs) operating remotely on an affected CSP device. The vulnerab... Read more

    Affected Products : cloud_services_platform_2100
    • EPSS Score: %3.20
    • Published: Oct. 19, 2017
    • Modified: Apr. 20, 2025

  • 5.7

    MEDIUM
    CVE-2017-14956

    AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send ... Read more

    Affected Products : unified_security_management
    • EPSS Score: %0.71
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-7715

    Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/in... Read more

    Affected Products : realtyna_property_listing
    • EPSS Score: %0.14
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2015-5164

    The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code via a crafted message, related to a pickle processing p... Read more

    Affected Products : qpid satellite
    • EPSS Score: %1.70
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2014-8491

    The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-album-gallery/skins/banner_widget_default/gallery.php.... Read more

    Affected Products : grand_flagallery
    • EPSS Score: %0.26
    • Published: Oct. 18, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291808 Results