Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-9684

    The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. This vulnerability occurs in the 'viewcert' CGI (/cgi-bin/viewcert) component responsible for p... Read more

    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-3837

    An HTTP Packet Processing vulnerability in the Web Bridge interface of the Cisco Meeting Server (CMS), formerly Acano Conferencing Server, could allow an authenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of con... Read more

    Affected Products : meeting_server
    • Published: Feb. 22, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-6056

    It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a C... Read more

    Affected Products : ubuntu_linux debian_linux
    • Published: Feb. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-8968

    IBM Jazz Foundation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IB... Read more

    • Published: Feb. 15, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-5141

    An issue was discovered in Honeywell XL Web II controller XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. An attacker can establish a new user session, without invalidating any existing session identifier, which gives the ... Read more

    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.0

    HIGH
    CVE-2016-8377

    An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server, resulting in a stack buffer overflow. This causes an ex... Read more

    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-8709

    A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a speci... Read more

    Affected Products : nitro_pdf_pro
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5941

    An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Express... Read more

    Affected Products : node-serialize
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6803

    Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface in the Scheduler in SolarWinds (formerly Serv-U) FTP Voyager 16.2.0 allow remote attackers to hijack the authentication of users for requests that (1) change the admin passwor... Read more

    Affected Products : ftp_voyager
    • Published: Mar. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-8708

    Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature.... Read more

    Affected Products : pluck
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-6366

    Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 routers with firmware 10.0.0.20 through 10.0.0.50 allows remote attackers to hijack the authentication of users for requests that perform DNS lookups via the host_name parameter to dnslook... Read more

    • Published: Mar. 15, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-5626

    OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands (4F500301 and 4F500302) that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a fact... Read more

    Affected Products : oxygenos oneplus_3 oneplus_3t
    • Published: Mar. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-5872

    The TCP/IP networking module in Unisys ClearPath MCP systems with TCP-IP-SW 57.1 before 57.152, 58.1 before 58.142, or 59.1 before 59.172, when running a TLS 1.2 service, allows remote attackers to cause a denial of service (network connectivity disruptio... Read more

    Affected Products : clearpath_mcp
    • Published: Mar. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-6432

    An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build 2016-06-06 devices. The Dahua DVR Protocol, which operates on TCP Port 37777, is an unencrypted, binary protocol. Performing a Man-in-the-Middle attack allows both sniffing and injectio... Read more

    Affected Products : nvr_firmware dhi-hcvr7216a-s3
    • Published: Mar. 09, 2017
    • Modified: Apr. 20, 2025

  • 4.7

    MEDIUM
    CVE-2017-0533

    An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. P... Read more

    Affected Products : android linux_kernel
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9087

    SQL injection vulnerability in framework/modules/filedownloads/controllers/filedownloadController.php in Exponent CMS 2.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the fileid parameter.... Read more

    Affected Products : exponent_cms
    • Published: Mar. 07, 2017
    • Modified: Apr. 20, 2025

  • 6.4

    MEDIUM
    CVE-2017-7306

    Riverbed RiOS through 9.6.0 has a weak default password for the secure vault, which makes it easier for physically proximate attackers to defeat the secure-vault protection mechanism by leveraging knowledge of the password algorithm and the appliance seri... Read more

    Affected Products : rios
    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-2384

    An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Privat... Read more

    Affected Products : iphone_os
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-9125

    Revive Adserver before 3.2.3 suffers from session fixation, by allowing arbitrary session identifiers to be forced and, at the same time, by not invalidating the existing session upon a successful authentication. Under some circumstances, that could have ... Read more

    Affected Products : revive_adserver
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-9122

    go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead ... Read more

    Affected Products : go-jose
    • Published: Mar. 28, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292803 Results