Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by the severity of the vulnerability, by whether it is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.5

    MEDIUM
    CVE-2016-5004

    The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote attackers to cause a denial of service (resource consumption) by decompressing a large file containing zeroes.

    Affected Products : ws-xmlrpc
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2016-3077

    The VersionMapper.fromKernelVersionString method in oVirt Engine allows remote authenticated users to cause a denial of service (process crash) for all VMs.

    Affected Products : ovirt-engine
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2016-3066

    The spice-gtk widget allows remote authenticated users to obtain information from the host clipboard.

    Affected Products : spice-gtk
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2016-2192

    PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to alter type mappings for types they do not own.

    Affected Products : pl/java
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-0768

    PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.

    Affected Products : postgresql
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2016-0767

    PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with USAGE permission on the public schema to alter the public schema classpath.

    Affected Products : pl/java
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2016-0726

    The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.

    Affected Products : nagios
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2015-3830

    The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate domain names.

    Affected Products : android
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2015-1207

    Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file.

    Affected Products : debian_linux chrome
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2014-8180

    MongoDB on Red Hat Satellite 6 allows local users to bypass authentication by logging in with an empty password and delete information which can cause a Denial of Service.

    Affected Products : satellite mongodb
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 4.8

    MEDIUM
    CVE-2017-9452

    Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.

    Affected Products : piwigo
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-9451

    Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.

    Affected Products : flatcore-cms flatcore
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-8920

    irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS.

    Affected Products : cgi\
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 8.5

    HIGH
    CVE-2017-5243

    The default SSH configuration in Rapid7 Nexpose hardware appliances shipped before June 2017 does not specify desired algorithms for key exchange and other important functions. As a result, it falls back to allowing ALL algorithms supported by the relevan...

    Affected Products : nexpose
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-9449

    SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote authenticated users to execute arbitrary SQL commands via core/admin/modules/developer/modules/views/create.php. The attacker creates a crafted table name at admin/developer/modules/v...

    Affected Products : bigtree_cms
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 5.4

    MEDIUM
    CVE-2017-9448

    Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. This issue exists in core\admin\ajax\pages\save-revision.php and core\admin\mod...

    Affected Products : bigtree_cms
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-9332

    The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag.

    Affected Products : pivotx
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 7.2

    HIGH
    CVE-2017-8083

    CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges...

    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-7515

    poppler through version 0.55.0 is vulnerable to an uncontrolled recursion in pdfunite resulting in potential denial-of-service.

    Affected Products : poppler
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-5664

    The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is p...

    Affected Products : tomcat
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294513 Results