Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2015-8315

    The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."... Read more

    Affected Products : ms
    • EPSS Score: %0.94
    • Published: Jan. 23, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-2180

    Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.2 and earlier allow remote attackers to obtain local files via unspecified vectors.... Read more

    Affected Products : appgoat
    • EPSS Score: %0.20
    • Published: Jun. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2169

    Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : maxbuttons
    • EPSS Score: %0.47
    • Published: May. 22, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2148

    Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wn-ac1167gr_firmware wn-ac1167gr
    • EPSS Score: %0.24
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2122

    Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : nessus
    • EPSS Score: %0.13
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2114

    Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : office
    • EPSS Score: %0.18
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 2.6

    LOW
    CVE-2017-2109

    Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to obtain log information through a malicious Android application.... Read more

    Affected Products : kunai
    • EPSS Score: %0.26
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-2105

    The TVer App for Android 3.2.7 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : tver
    • EPSS Score: %0.29
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-2098

    Directory traversal vulnerability in CubeCart versions prior to 6.1.4 allows remote authenticated attackers to read arbitrary files via unspecified vectors.... Read more

    Affected Products : cubecart
    • EPSS Score: %1.52
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-2091

    Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Phone Messages function to alter the status of phone messages via unspecified vectors.... Read more

    Affected Products : garoon
    • EPSS Score: %0.20
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-3702

    Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 allows remote attackers to obtain sensitive cleartext information.... Read more

    Affected Products : cloudforms_management_engine
    • EPSS Score: %0.18
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-3412

    Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 103997, 104413, 104414, 104777, and 104791.... Read more

    Affected Products : zimbra_collaboration_suite
    • EPSS Score: %0.54
    • Published: Jan. 18, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-7293

    Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.... Read more

    Affected Products : plone zope_management_interface
    • EPSS Score: %0.33
    • Published: Sep. 25, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12782

    The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (assert fault) via a crafted mkv file.... Read more

    Affected Products : mkvalidator libebml2 mkclean
    • EPSS Score: %0.62
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-12780

    The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted mkv file.... Read more

    Affected Products : mkvalidator libebml2 mkclean
    • EPSS Score: %0.68
    • Published: Nov. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2015-7258

    ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated users to obtain user passwords by displaying user information in a Telnet connection.... Read more

    Affected Products : zxv10_w300 zxv10_w300_firmware
    • EPSS Score: %32.59
    • Published: Aug. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-3086

    The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3 can leak the password for credential store provider used by the NodeManager to YARN Applications.... Read more

    Affected Products : hadoop
    • EPSS Score: %0.43
    • Published: Sep. 05, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-3051

    IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714.... Read more

    • EPSS Score: %0.24
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-2976

    IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting invitee to obtain previously cleared sensitive information by viewing the meeting report history. IBM X-Force ID: 113936.... Read more

    Affected Products : sametime
    • EPSS Score: %0.21
    • Published: Aug. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-17982

    PHP Scripts Mall Muslim Matrimonial Script has CSRF via admin/subadmin_edit.php.... Read more

    Affected Products : muslim_matrimonial_script
    • EPSS Score: %0.11
    • Published: Dec. 30, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291712 Results