Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2017-7183

    The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.... Read more

    Affected Products : extraputty
    • EPSS Score: %30.06
    • Published: Mar. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2014-3526

    Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temporary user sessions.... Read more

    Affected Products : wicket
    • EPSS Score: %0.50
    • Published: Oct. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9019

    SQL injection vulnerability in the activate_address function in framework/modules/addressbook/controllers/addressController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the is_what parameter.... Read more

    Affected Products : exponent_cms
    • EPSS Score: %0.66
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-9012

    CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.... Read more

    Affected Products : cloudvision_portal
    • EPSS Score: %0.74
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2191

    Untrusted search path vulnerability in RW-5100 driver installer for Windows 7 version 1.0.0.9 and RW-5100 driver installer for Windows 8.1 version 1.0.1.0 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.... Read more

    • EPSS Score: %0.14
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-8912

    IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially sensitive information in in log files that could be read by an authenticated user.... Read more

    Affected Products : kenexa_lms_on_cloud
    • EPSS Score: %0.16
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-6915

    CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the admin/settings/update/ page. The Colophon can be changed.... Read more

    Affected Products : bigtree_cms
    • EPSS Score: %0.12
    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6812

    paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter).... Read more

    Affected Products : mangoswebv4
    • EPSS Score: %0.22
    • Published: Mar. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2014-3150

    Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript.... Read more

    Affected Products : livebox_1.1_firmware livebox_1.1
    • EPSS Score: %0.62
    • Published: Nov. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6661

    A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a us... Read more

    • EPSS Score: %0.30
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2014-2903

    CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake.... Read more

    Affected Products : wolfssl
    • EPSS Score: %0.21
    • Published: Oct. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-6620

    A vulnerability in the remote management access control list (ACL) feature of the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass the remote management ACL. The vulnerability is due to incorrect implementation... Read more

    • EPSS Score: %0.16
    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6551

    Pexip Infinity before 14.2 allows remote attackers to cause a denial of service (service restart) or execute arbitrary code via vectors related to Conferencing Nodes.... Read more

    Affected Products : pexip_infinity
    • EPSS Score: %1.76
    • Published: May. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6541

    Multiple Cross-Site Scripting (XSS) issues were discovered in webpagetest 3.0. The vulnerabilities exist due to insufficient filtration of user-supplied data (benchmark, time) passed to the webpagetest-master/www/benchmarks/viewtest.php URL. An attacker c... Read more

    Affected Products : webpagetest
    • EPSS Score: %0.22
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7666

    Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery (CSRF) attacks, XSS attacks, click-jacking, and MIME based attacks.... Read more

    Affected Products : openmeetings
    • EPSS Score: %0.17
    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025

  • 4.6

    MEDIUM
    CVE-2017-7305

    Riverbed RiOS through 9.6.0 does not require a bootloader password, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism via a crafted boot. NOTE: the vendor believes that this does not meet the definiti... Read more

    Affected Products : rios
    • EPSS Score: %0.05
    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2016-8475

    An information disclosure vulnerability in the HTC input driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Produc... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.23
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2016-8457

    An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pro... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.19
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2016-8448

    An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it fi... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jan. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6479

    FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter).... Read more

    Affected Products : fenix-open-source
    • EPSS Score: %0.30
    • Published: Mar. 05, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291384 Results