Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.3

    HIGH
    CVE-2017-2253

    Untrusted search path vulnerability in Installer of Yahoo! Toolbar (for Internet explorer) v8.0.0.6 and earlier, with its timestamp prior to June 13, 2017, 18:18:55 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    Affected Products : toolbar
    • EPSS Score: %0.14
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12907

    Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url path to usersearch.php.... Read more

    Affected Products : nexusphp
    • EPSS Score: %0.24
    • Published: Aug. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-2167

    Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.... Read more

    Affected Products : primedrive_desktop_application
    • EPSS Score: %0.66
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-2142

    Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : wn-g300r3_firmware wn-g300r3
    • EPSS Score: %2.79
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-2141

    WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : wn-g300r3_firmware wn-g300r3
    • EPSS Score: %0.48
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-2126

    WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware Ver.1.16.1 and earlier allows remote attackers to bypass authentication and access the configuration interface via unspecified vectors.... Read more

    • EPSS Score: %13.46
    • Published: Jul. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-2103

    The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : lala_call
    • EPSS Score: %0.29
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-2090

    Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : garoon cubecart
    • EPSS Score: %3.37
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-7893

    SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.... Read more

    Affected Products : galaxy_s6
    • EPSS Score: %13.65
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-3403

    Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove account... Read more

    Affected Products : zimbra_collaboration_suite
    • EPSS Score: %2.57
    • Published: May. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-3406

    Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handle... Read more

    Affected Products : zimbra_collaboration_suite
    • EPSS Score: %3.14
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12783

    The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.... Read more

    Affected Products : mkvalidator libebml2 mkclean
    • EPSS Score: %0.62
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-3091

    Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers to cause a denial of service.... Read more

    Affected Products : diego
    • EPSS Score: %0.56
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2016-3021

    IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request.... Read more

    • EPSS Score: %0.07
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-3022

    IBM Security Access Manager for Web could allow an authenticated user to gain access to highly sensitive information due to incorrect file permissions.... Read more

    • EPSS Score: %0.19
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-2987

    An undisclosed vulnerability in CLM applications may result in some administrative deployment parameters being shown to an attacker.... Read more

    • EPSS Score: %0.18
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-9631

    A Null Pointer Dereference issue was discovered in Schneider Electric Wonderware ArchestrA Logger, versions 2017.426.2307.1 and prior. The null pointer dereference vulnerability could allow an attacker to crash the logger process, causing a denial of serv... Read more

    Affected Products : wonderware_archestra_logger
    • EPSS Score: %0.87
    • Published: Jul. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-17994

    Biometric Shift Employee Management System has XSS via the criteria parameter in an index.php?user=competency_criteria request.... Read more

    • EPSS Score: %0.21
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-17952

    PHP Scripts Mall PHP Multivendor Ecommerce has a predicable registration URL, which makes it easier for remote attackers to register with an invalid or spoofed e-mail address.... Read more

    Affected Products : php_multivendor_ecommerce
    • EPSS Score: %0.25
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-17936

    Vanguard Marketplace Digital Products PHP has CSRF via /search.... Read more

    Affected Products : marketplace_digital_products_php
    • EPSS Score: %0.11
    • Published: Dec. 28, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291389 Results