Latest CVE Feed

Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.

Latest Critical Actively Exploited Remotely Exploitable

8.8

HIGH

CVE-2016-4907

Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors....

Affected Products : garoon
Published: Jun. 09, 2017

Modified: Apr. 20, 2025
6.1

MEDIUM

CVE-2016-4906

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to inject arbitrary web script or HTML via "Messages" function of Cybozu Garoon Keitai....

Affected Products : garoon
Published: Jun. 09, 2017

Modified: Apr. 20, 2025
9.3

HIGH

CVE-2016-4902

Untrusted search path vulnerability in The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.0.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for Windows Vist...

Affected Products : the_public_certification_service_for_individuals the_public_certification_service_for_individuals the_public_certification_service_for_individuals_for_windows_7 the_public_certification_service_for_individuals_for_windows_vista
Published: Jun. 09, 2017

Modified: Apr. 20, 2025
5.4

MEDIUM

CVE-2016-7469

A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2...

Affected Products : big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_domain_name_system big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager +6 more products
Published: Jun. 09, 2017

Modified: Apr. 20, 2025
6.1

MEDIUM

CVE-2017-9523

The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, aka NSWA-1342....

Affected Products : web_appliance web_appliance_firmware
Published: Jun. 09, 2017

Modified: Apr. 20, 2025
7.5

HIGH

CVE-2017-1319

IBM Tivoli Federated Identity Manager 6.2 is affected by a vulnerability due to a missing secure attribute in encrypted session (SSL) cookie. IBM X-Force ID: 125731....

Affected Products : tivoli_federated_identity_manager
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
5.9

MEDIUM

CVE-2017-1179

IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123431....

Affected Products : bigfix_security_compliance_analytics
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
5.4

MEDIUM

CVE-2017-1140

IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within...

Affected Products : business_process_manager
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
8.0

HIGH

CVE-2016-9991

IBM Sterling Order Management 9.2 through 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 121314....

Affected Products : sterling_order_management sterling_selling_and_fulfillment_foundation
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
5.3

MEDIUM

CVE-2016-9736

IBM WebSphere Application Server using malformed SOAP requests could allow a remote attacker to obtain sensitive information....

Affected Products : websphere_application_server
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
8.1

HIGH

CVE-2016-9698

IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume a...

Affected Products : rational_rhapsody_design_manager
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
4.3

MEDIUM

CVE-2016-8987

IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an authenticated user to view incorrect item sets that they should not have access to view....

Affected Products : maximo_application_suite maximo_asset_management
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
8.1

HIGH

CVE-2016-6098

IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors....

Affected Products : security_key_lifecycle_manager tivoli_key_lifecycle_manager
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
9.8

CRITICAL

CVE-2016-6093

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts....

Affected Products : security_key_lifecycle_manager tivoli_key_lifecycle_manager
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
7.8

HIGH

CVE-2015-3913

The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denial of service (reboot) via a crafted ICMP request message....

Affected Products : s3300_firmware s12700_firmware s2300_firmware s2700_firmware s7700_firmware s9300_firmware s9700_firmware s3700_firmware s2350ei_firmware s5300ei_firmware +34 more products
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
7.5

HIGH

CVE-2015-3634

The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values....

Affected Products : slideshow
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
10.0

CRITICAL

CVE-2015-2692

AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters....

Affected Products : adblock
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
8.8

HIGH

CVE-2015-1786

Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers....

Affected Products : zend_framework
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
6.1

MEDIUM

CVE-2015-1588

Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21....

Affected Products : open-xchange_appsuite open-xchange_server
Published: Jun. 08, 2017

Modified: Apr. 20, 2025
7.5

HIGH

CVE-2015-1379

The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to cause a denial of service (process freeze or crash)....

Affected Products : socat
Published: Jun. 08, 2017

Modified: Apr. 20, 2025

Showing 20 of 294690 Results

Browse by Apps

Latest CVE Feed

8.8

6.1

9.3

5.4

6.1

7.5

5.9

5.4

8.0

5.3

8.1

4.3

8.1

9.8

7.8

7.5

10.0

8.8

6.1

7.5

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable