Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-6287

    The "http-client" egg always used a HTTP_PROXY environment variable to determine whether HTTP traffic should be routed via a proxy, even when running as a CGI process. Under several web servers this would mean a user-supplied "Proxy" header could allow an... Read more

    Affected Products : http-client
    • EPSS Score: %0.70
    • Published: Jan. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2016-6270

    The handle_certificate function in /vmi/manager/engine/management/commands/apns_worker.py in Trend Micro Virtual Mobile Infrastructure before 5.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the password to a... Read more

    Affected Products : virtual_mobile_infrastructure
    • EPSS Score: %8.44
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-6268

    Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows local webserv users to execute arbitrary code with root privileges via a Trojan horse .war file in the Solr webapps directory.... Read more

    Affected Products : smart_protection_server
    • EPSS Score: %0.08
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-3933

    Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote authenticated users to view confidential information via a cross site request forgery attack.... Read more

    Affected Products : network_data_loss_prevention
    • EPSS Score: %0.18
    • Published: Oct. 31, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2016-6246

    OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount privileges to cause a denial of service (kernel panic) by mounting a tmpfs with a VNOVAL in the (1) username, (2) groupname, or (3) device name of the root node.... Read more

    Affected Products : openbsd openbsd
    • EPSS Score: %0.05
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2016-6242

    OpenBSD 5.8 and 5.9 allows local users to cause a denial of service (assertion failure and kernel panic) via a large ident value in a kevent system call.... Read more

    Affected Products : openbsd openbsd
    • EPSS Score: %0.04
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-6177

    The Huawei OceanStor 5800 V300R003C00 has an integer overflow vulnerability. An authenticated attacker may send massive abnormal Network File System (NFS) packets, causing an anomaly in specific disk arrays.... Read more

    • EPSS Score: %0.20
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-6060

    An undisclosed vulnerability in IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 could allow a JazzGuest user to see project names. IBM Reference #: 1995547.... Read more

    • EPSS Score: %0.20
    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-6047

    IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste... Read more

    Affected Products : jazz_reporting_service
    • EPSS Score: %0.23
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-5951

    IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a truste... Read more

    Affected Products : kenexa_lcms_premier
    • EPSS Score: %0.23
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 7.3

    HIGH
    CVE-2016-5934

    IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary code on the system. By placing a specially-crafted DLL in the victim's path, an attacker could exploit this vulnerability when the installer is executed to ru... Read more

    Affected Products : tivoli_storage_manager_fastback
    • EPSS Score: %2.15
    • Published: Feb. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-3548

    Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker w... Read more

    Affected Products : peoplesoft_enterprise_peopletools
    • EPSS Score: %51.78
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5786

    An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits credentials with the HTTP protocol, which could be sniffed by an attacker that may result in the compromise of account credentials.... Read more

    Affected Products : omniview
    • EPSS Score: %0.46
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 7.9

    HIGH
    CVE-2017-3530

    Vulnerability in the Oracle Transportation Manager component of Oracle Supply Chain Products Suite (subcomponent: Security). Supported versions that are affected are 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, 6.4.1 and 6.4.2. Easi... Read more

    Affected Products : transportation_management
    • EPSS Score: %0.38
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 4.4

    MEDIUM
    CVE-2016-3016

    IBM Security Access Manager for Web processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code, which could allow an authenticated attacker to load malicious code.... Read more

    • EPSS Score: %0.08
    • Published: Feb. 01, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-5642

    Opmantek NMIS before 8.5.12G has XSS via SNMP.... Read more

    • EPSS Score: %0.21
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2017-3324

    Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.2, 8.3, 8.4, 15.1, 15.2, 16.1 and 16.2. Easily exploitable vulner... Read more

    • EPSS Score: %2.72
    • Published: Jan. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-3237

    Vulnerability in the Automatic Service Request (ASR) component of Oracle Support Tools (subcomponent: ASR Manager). The supported version that is affected is Prior to 5.7. Easily "exploitable" vulnerability allows low privileged attacker with logon to the... Read more

    Affected Products : automatic_service_request
    • EPSS Score: %0.06
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-3230

    Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 11.1.1.9, 12.2.1.1 and 12.2.1.2. Easily "exploitable" vulnerability allows unauthenticated ... Read more

    Affected Products : fusion_middleware_mapviewer
    • EPSS Score: %5.88
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-3218

    Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.... Read more

    Affected Products : magician
    • EPSS Score: %0.02
    • Published: Jun. 21, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 291717 Results