Latest CVE Feed
CVE-2015-4684 (CVSS 6.5, MEDIUM)
Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modifier parameter to PlcmRmWeb/FileDownload; or remote auth...
- Affected products: realpresence_resource_manager
- Published: Sep. 19, 2017
- Modified: Apr. 20, 2025

CVE-2016-10511 (CVSS 5.9, MEDIUM)
The Twitter iOS client versions 6.62 and 6.62.1 fail to validate Twitter's server certificates for the /1.1/help/settings.json configuration endpoint, permitting man-in-the-middle attackers the ability to view an application-only OAuth client token and po...
- Affected products: twitter
- Published: Sep. 18, 2017
- Modified: Apr. 20, 2025

CVE-2017-15700 (CVSS 8.8, HIGH)
A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim into sending over their credentials.
- Published: Dec. 18, 2017
- Modified: Apr. 20, 2025

CVE-2016-10401 (CVSS 9.0, HIGH)
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
- Published: Jul. 25, 2017
- Modified: Apr. 20, 2025

CVE-2017-1553 (CVSS 5.4, MEDIUM)
IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure withi...
- Affected products: infosphere_biginsights
- Published: Nov. 01, 2017
- Modified: Apr. 20, 2025

CVE-2016-10184 (CVSS 7.5, HIGH)
An issue was discovered on the D-Link DWR-932B router. qmiweb allows file reading with ..%2f traversal.
- Published: Jan. 30, 2017
- Modified: Apr. 20, 2025

CVE-2016-10137 (CVSS 7.8, HIGH)
An issue was discovered on BLU R1 HD devices with Shanghai Adups software. The content provider named com.adups.fota.sysoper.provider.InfoProvider in the app with a package name of com.adups.fota.sysoper allows any app on the device to read, write, and de...
- Affected products: adups_fota
- Published: Jan. 13, 2017
- Modified: Apr. 20, 2025

CVE-2016-10135 (CVSS 5.5, MEDIUM)
An issue was discovered on LG devices using the MTK chipset with L(5.0/5.1), M(6.0/6.0.1), and N(7.0) software, and RCA Voyager Tablet, BLU Advance 5.0, and BLU R1 HD devices. The MTKLogger app with a package name of com.mediatek.mtklogger has application...
- Affected products: lg_mobile
- Published: Jan. 13, 2017
- Modified: Apr. 20, 2025

CVE-2017-15368 (CVSS 7.8, HIGH)
The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) or possibly have unspecified other impact via a crafted WASM file that triggers a...
- Affected products: radare2
- Published: Oct. 16, 2017
- Modified: Apr. 20, 2025

CVE-2016-10091 (CVSS 7.5, HIGH)
Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote attackers to cause a denial of service by writing a negative integer to the (1) cmd_expand function, (2) cmd_emboss function, or (3) cmd_engrave function.
- Affected products: unrtf
- Published: Apr. 21, 2017
- Modified: Apr. 20, 2025

CVE-2017-15304 (CVSS 9.8, CRITICAL)
/bin/login.php in the Web Panel on the Airtame HDMI dongle with firmware before 3.0 allows an attacker to set his own session id via a "Cookie: PHPSESSID=" header. This can be used to achieve persistent access to the admin panel even after an admin passwo...
- Published: Oct. 15, 2017
- Modified: Apr. 20, 2025

CVE-2017-15205 (CVSS 4.3, MEDIUM)
In Kanboard before 1.0.47, by altering form data, an authenticated user can download attachments from a private project of another user.
- Affected products: kanboard
- Published: Oct. 11, 2017
- Modified: Apr. 20, 2025

CVE-2017-15195 (CVSS 4.3, MEDIUM)
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a private project of another user.
- Affected products: kanboard
- Published: Oct. 11, 2017
- Modified: Apr. 20, 2025

CVE-2017-14985 (CVSS 5.4, MEDIUM)
Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php.
- Affected products: eyesofnetwork
- Published: Oct. 03, 2017
- Modified: Apr. 20, 2025

CVE-2015-3639 (CVSS 8.8, HIGH)
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file.
- Affected products: phpmybackuppro
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025

CVE-2015-3617 (CVSS 7.8, HIGH)
Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands.
- Affected products: fortimanager_firmware
- Published: Aug. 22, 2017
- Modified: Apr. 20, 2025

CVE-2017-1481 (CVSS 4.3, MEDIUM)
IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view sensitive information that belongs to another user. IBM X-Force ID: 128619.
- Affected products: sterling_b2b_integrator
- Published: Dec. 07, 2017
- Modified: Apr. 20, 2025

CVE-2015-3421 (CVSS 6.1, MEDIUM)
The eshop_checkout function in checkout.php in the WordPress Eshop plugin 6.3.11 and earlier does not validate variables in the "eshopcart" HTTP cookie, which allows remote attackers to perform cross-site scripting (XSS) attacks, or a path disclosure atta...
- Affected products: eshop
- Published: Jul. 21, 2017
- Modified: Apr. 20, 2025

CVE-2017-14705 (CVSS 9.3, HIGH)
DenyAll WAF before 6.4.1 allows unauthenticated remote command execution via TCP port 3001 because shell metacharacters can be inserted into the type parameter to the tailDateFile function in /webservices/stream/tail.php. An iToken authentication paramete...
- Published: Sep. 22, 2017
- Modified: Apr. 20, 2025

CVE-2017-1458 (CVSS 8.1, HIGH)
IBM QRadar Network Security 5.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 128377.
- Affected products: qradar_network_security
- Published: Sep. 05, 2017
- Modified: Apr. 20, 2025