Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.9

    MEDIUM
    CVE-2017-7485

    In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle at... Read more

    Affected Products : postgresql
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7484

    It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibl... Read more

    Affected Products : postgresql
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7474

    It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.... Read more

    Affected Products : keycloak-nodejs-auth-utils
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-2167

    Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.... Read more

    Affected Products : primedrive_desktop_application
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2164

    Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : soy_cms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-2163

    Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.... Read more

    Affected Products : soy_cms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.3

    HIGH
    CVE-2017-2157

    Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for... Read more

    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2122

    Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : nessus
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4887

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4886

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4885

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4884

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-4883

    Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4882

    Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4881

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-4880

    Cross-site scripting vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4879

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms mail
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4878

    Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-4877

    Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : basercms mail
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4876

    Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294209 Results