Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 4.7

    MEDIUM
    CVE-2016-0713

    Gorouter in Cloud Foundry cf-release v141 through v228 allows man-in-the-middle attackers to conduct cross-site scripting (XSS) attacks via vectors related to modified requests.... Read more

    Affected Products : cf-release
    • Published: Aug. 31, 2017
    • Modified: Apr. 20, 2025

  • 6.9

    MEDIUM
    CVE-2017-2728

    Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier versions have a Bluetooth unlock bypassing vulnerability. If a user has enabled the smart unlock function, an attacker can impersonate the user's Bluetooth device to unlock the user's mobil... Read more

    Affected Products : honor_6x_firmware honor_6x
    • Published: Nov. 22, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-8768

    Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions earlier than 6.9.16 could allow attackers to disable the PXN defense mechanism by invoking related drive code to crash the system or escalate privilege.... Read more

    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-8255

    AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.... Read more

    Affected Products : axis_communications_firmware
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-1179

    Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : a-blog_cms
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-4075

    Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.... Read more

    Affected Products : opera_browser opera_mini
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2017-3483

    Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Limits and Collateral). Supported versions that are affected are 12.0.0 and 12.1.0. Easily "exploitable" vu... Read more

    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-2102

    Cross-site request forgery (CSRF) vulnerability in Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.0 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : appgoat
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7920

    An Improper Authentication issue was discovered in ABB VSN300 WiFi Logger Card versions 1.8.15 and prior, and VSN300 WiFi Logger Card for React versions 2.1.3 and prior. By accessing a specific uniform resource locator (URL) on the web server, a malicious... Read more

    • Published: Aug. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-2551

    Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup file for download.... Read more

    Affected Products : backwpup
    • Published: Sep. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-1364

    IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted sess... Read more

    • Published: Oct. 03, 2017
    • Modified: Apr. 20, 2025

  • 4.0

    MEDIUM
    CVE-2016-0382

    The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes some of its operational state in a form that may be accidentally captured and exposed by network infrastructure components such as IIS. IBM X-Force ID: 112356.... Read more

    • Published: May. 03, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-11295

    An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.... Read more

    Affected Products : dng_converter
    • Published: Dec. 09, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-0255

    IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed i... Read more

    Affected Products : marketing_platform
    • Published: May. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-0228

    IBM Marketing Platform 10.0 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability in various scripts. An attacker could exploit this vulnerability to redirect a victim to arbitrary Web sites. IBM X-Force ID: 1... Read more

    Affected Products : marketing_platform
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-13169

    An information disclosure vulnerability in the kernel camera server. Product: Android. Versions: Android kernel. Android ID A-37512375.... Read more

    Affected Products : android
    • Published: Dec. 06, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11681

    Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows remote authenticated users to execute actions that should only be available for administrative roles, as demonstrated by an action=createVoucher request to agents.php.... Read more

    Affected Products : hashtopussy
    • Published: Jul. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-11679

    Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the password parameter to admin.php in an a=config action.... Read more

    Affected Products : hashtopus
    • Published: Jul. 27, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-12984

    PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/message_update.php.... Read more

    Affected Products : phpmywind
    • Published: Aug. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-11345

    Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N... Read more

    • Published: Jul. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293338 Results