Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-10331

    Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.... Read more

    Affected Products : photo_station
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2016-10330

    Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.... Read more

    Affected Products : photo_station
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10329

    Command injection vulnerability in login.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to execute arbitrary code via shell metacharacters in the crafted 'X-Forwarded-For' header.... Read more

    Affected Products : photo_station
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-8921

    In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft coul... Read more

    Affected Products : flightgear
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7486

    PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.... Read more

    Affected Products : postgresql
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-7485

    In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3, it was found that the PGREQUIRESSL environment variable was no longer enforcing a SSL/TLS connection to a PostgreSQL server. An active Man-in-the-Middle at... Read more

    Affected Products : postgresql
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-7484

    It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibl... Read more

    Affected Products : postgresql
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7474

    It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not handle invalid tokens correctly. An attacker could use this flaw to bypass authentication and gain access to restricted information, or to possibly conduct further attacks.... Read more

    Affected Products : keycloak-nodejs-auth-utils
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-2167

    Untrusted search path vulnerability in Installer for PrimeDrive Desktop Application version 1.4.4 and earlier allows remote attackers to execute arbitrary code via a specially crafted executable file in an unspecified directory.... Read more

    Affected Products : primedrive_desktop_application
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2164

    Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : soy_cms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-2163

    Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.... Read more

    Affected Products : soy_cms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.3

    HIGH
    CVE-2017-2157

    Untrusted search path vulnerability in installers for The Public Certification Service for Individuals "The JPKI user's software (for Windows 7 and later)" Ver3.1 and earlier, The Public Certification Service for Individuals "The JPKI user's software (for... Read more

    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2122

    Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, 6.9.0, 6.9.1 and 6.9.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : nessus
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4887

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4886

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4885

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4884

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-4883

    Cross-site scripting vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4882

    Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4881

    Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.... Read more

    Affected Products : basercms
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294274 Results