Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
  • 4.3

    MEDIUM
    CVE-2016-8912

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.... Read more

    Affected Products : kenexa_lms_on_cloud
    • EPSS Score: %0.16
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025
  • 4.3

    MEDIUM
    CVE-2017-6915

    CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.... Read more

    Affected Products : bigtree_cms
    • EPSS Score: %0.12
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-6812

    paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter).... Read more

    Affected Products : mangoswebv4
    • EPSS Score: %0.22
    • Published: Mar. 11, 2017
    • Modified: Apr. 20, 2025
  • 9.0

    HIGH
    CVE-2014-3150

    Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript.... Read more

    Affected Products : livebox_1.1_firmware livebox_1.1
    • EPSS Score: %0.62
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-6661

    A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us... Read more

    • EPSS Score: %0.30
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025
  • 5.9

    MEDIUM
    CVE-2014-2903

    CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.... Read more

    Affected Products : wolfssl
    • EPSS Score: %0.21
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025
  • 5.8

    MEDIUM
    CVE-2017-6620

    A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation... Read more

    • EPSS Score: %0.16
    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-6551

    Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes.... Read more

    Affected Products : pexip_infinity
    • EPSS Score: %1.76
    • Published: May. 02, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-6541

    Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/viewtest.php URL. An attacker c... Read more

    Affected Products : webpagetest
    • EPSS Score: %0.22
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-7666

    Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.... Read more

    Affected Products : openmeetings
    • EPSS Score: %0.17
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025
  • 4.6

    MEDIUM
    CVE-2017-7305

    Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definiti... Read more

    Affected Products : rios
    • EPSS Score: %0.05
    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025
  • 4.7

    MEDIUM
    CVE-2016-8475

    An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Produc... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.23
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025
  • 7.6

    HIGH
    CVE-2016-8457

    An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pro... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.19
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025
  • 7.6

    HIGH
    CVE-2016-8448

    An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it fi... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-6479

    FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter).... Read more

    Affected Products : fenix-open-source
    • EPSS Score: %0.30
    • Published: Mar. 05, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2016-8386

    An exploitable heap-based buffer overflow exists in Iceni Argus. When it attempts to convert a PDF containing a malformed font to XML, the tool will attempt to use a size out of the font to search through a linked list of buffers to return. Due to a signe... Read more

    Affected Products : argus
    • EPSS Score: %0.95
    • Published: Feb. 27, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2017-6356

    Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 before 8.0.1 uses weak permissions for unspecified resources, which allows attackers to obtain sensitive session information via unknown vectors.... Read more

    Affected Products : terminal_services_agent
    • EPSS Score: %0.12
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2016-8319

    Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Easily exploitable vulnerability allows una... Read more

    Affected Products : flexcube_investor_servicing
    • EPSS Score: %0.51
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2017-6276

    NVIDIA mediaserver contains a vulnerability where it is possible a use after free malfunction can occur due to an incorrect bounds check which could enable unauthorized code execution and possibly lead to elevation of privileges. This issue is rated as hi... Read more

    Affected Products : android
    • EPSS Score: %0.02
    • Published: Dec. 06, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2016-8271

    Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL.... Read more

    Affected Products : espace_iad_firmware espace_iad
    • EPSS Score: %0.11
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291222 Results