Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.4

    MEDIUM
    CVE-2017-15284

    Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the cont... Read more

    Affected Products : october
    • EPSS Score: %1.73
    • Published: Oct. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-2690

    Multiple cross-site scripting (XSS) vulnerabilities in views/add-license-form.php in the Digium Addons module (digiumaddoninstaller) before 2.11.0.7 for FreePBX allow remote attackers to inject arbitrary web script or HTML via the (1) add_license_key, (2)... Read more

    Affected Products : addons_module
    • EPSS Score: %0.17
    • Published: Aug. 02, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2015-2687

    OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for.... Read more

    Affected Products : nova compute
    • EPSS Score: %0.05
    • Published: Aug. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.8

    MEDIUM
    CVE-2017-2387

    The Apple Music (aka com.apple.android.music) application before 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : apple_music
    • EPSS Score: %0.17
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-15044

    The default installation of DocuWare Fulltext Search server through 6.11 allows remote users to connect to and download searchable text from the embedded Solr service, bypassing DocuWare's access control features of the DocuWare user interfaces and API. A... Read more

    Affected Products : fulltext_server
    • EPSS Score: %0.38
    • Published: Nov. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-16951

    Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial of service via a crafted WAV, WMV, AU, ASF, AIFF, or AIF file.... Read more

    Affected Products : winamp_pro
    • EPSS Score: %1.51
    • Published: Nov. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2017-16933

    etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown call for a filename in a user-writable directory, which allows local users to gain privileges by leveraging access to the $ICINGA2_USER account for creation of a link.... Read more

    Affected Products : icinga
    • EPSS Score: %0.03
    • Published: Nov. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-14822

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic... Read more

    Affected Products : foxit_reader pdf_reader
    • EPSS Score: %0.10
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-16923

    Command Injection vulnerability in app_data_center on Shenzhen Tenda Ac9 US_AC9V1.0BR_V15.03.05.14_multi_TD01, Ac9 ac9_kf_V15.03.05.19(6318_)_cn, Ac15 US_AC15V1.0BR_V15.03.05.18_multi_TD01, Ac15 US_AC15V1.0BR_V15.03.05.19_multi_TD01, Ac18 US_AC18V1.0BR_V1... Read more

    • EPSS Score: %3.47
    • Published: Nov. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-15986

    CPA Lead Reward Script allows SQL Injection via the username parameter.... Read more

    Affected Products : cpa_lead_reward_script
    • EPSS Score: %1.41
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-9405

    Cross-site scripting (XSS) vulnerability in member validation in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : mybb merge_system
    • EPSS Score: %0.61
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-9407

    Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to inject arbitrary web script or HTML via vectors involving Mod control panel logs.... Read more

    Affected Products : mybb merge_system
    • EPSS Score: %0.61
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-2046

    Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later before 1.2.20.... Read more

    Affected Products : mantisbt
    • EPSS Score: %0.37
    • Published: Aug. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-16589

    This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 8.3.1.21155. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malic... Read more

    Affected Products : foxit_reader pdf_reader
    • EPSS Score: %0.10
    • Published: Dec. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15746

    IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADI... Read more

    Affected Products : irfanview cadimage
    • EPSS Score: %0.10
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-15740

    IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls Code Flow starting at CADIMAGE+0x000000000033228e... Read more

    Affected Products : irfanview cadimage
    • EPSS Score: %0.19
    • Published: Oct. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9005

    IBM System Storage TS3100-TS3200 Tape Library could allow an unauthenticated user with access to the company network, to change a user's password and gain remote access to the system.... Read more

    • EPSS Score: %0.49
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-1612

    OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay."... Read more

    Affected Products : openflow
    • EPSS Score: %0.97
    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2015-1526

    The media_server component in Android allows remote attackers to cause a denial of service via a crafted application.... Read more

    Affected Products : android
    • EPSS Score: %0.17
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-8794

    Huawei Mate 8 phones with software Versions before NXT-AL10C00B386, Versions before NXT-CL00C92B386, Versions before NXT-DL00C17B386, Versions before NXT-TL00C01B386; Mate S phones with software Versions before CRR-CL00C92B368, Versions before CRR-CL20C92... Read more

    • EPSS Score: %0.04
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291316 Results