Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.0

    HIGH
    CVE-2016-8589

    log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.... Read more

    Affected Products : threat_discovery_appliance
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.3

    HIGH
    CVE-2016-8588

    The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via shell metacharacters in the file name of an uploaded file.... Read more

    Affected Products : threat_discovery_appliance
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.3

    HIGH
    CVE-2016-8587

    dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via an archive file containing a symlink to /eng_ptn_stores/prod/sensorSDK/data/ or /eng_ptn_stores/prod/sen... Read more

    Affected Products : threat_discovery_appliance
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2016-8586

    detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id parameter.... Read more

    Affected Products : threat_discovery_appliance
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2016-8585

    admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezone parameter.... Read more

    Affected Products : threat_discovery_appliance
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-8584

    Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses predictable session values, which allows remote attackers to bypass authentication by guessing the value.... Read more

    Affected Products : threat_discovery_appliance
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-1194

    IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 123669.... Read more

    Affected Products : websphere_application_server
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2017-1141

    IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an authenticated user to obtain sensitive information from error messages. IBM X-Force ID: 121907.... Read more

    Affected Products : insights_foundation_for_energy
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-2156

    Untrusted search path vulnerability in Vivaldi installer for Windows prior to version 1.7.735.48 allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory.... Read more

    Affected Products : vivaldi_installer_for_windows
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-2155

    Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 and earlier, and 6.0.3.09 and earlier allows remote attackers to execute arbitrary code via specially crafted webpage.... Read more

    Affected Products : hoozin_viewer
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-2154

    Untrusted search path vulnerability in Hanako 2017, Hanako 2016, Hanako 2015, Hanako Pro 3, JUST Office 3 [Standard], JUST Office 3 [Eco Print Package], JUST Office 3 & Tri-De DataProtect Package, JUST Government 3, JUST Jump Class 2, JUST Frontier 3, JUS... Read more

    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-2153

    SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to 5.62, SEIL/X2 1.30 to 5.62, SEIL/B1 1.00 to 5.62 allows remote attackers to cause a denial of service via specially crafted IPv4 UDP packets.... Read more

    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-2152

    WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : wnc01wh_firmware wnc01wh
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2151

    Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : booking_calendar
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-2150

    Directory traversal vulnerability in Booking Calendar version 7.0 and earlier allows remote attackers to read arbitrary files via specially crafted captcha_chalange parameter.... Read more

    Affected Products : booking_calendar
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2149

    Untrusted search path vulnerability in installers of the software for SDHC/SDXC Memory Card with embedded NFC functionality Software Update Tool V1.00.03 and earlier, SDHC Memory Card with embedded wireless LAN functionality FlashAir Configuration Softwar... Read more

    Affected Products : flashair
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-2148

    Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wn-ac1167gr_firmware wn-ac1167gr
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-2147

    Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : wp_statistics wp_statistics
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-2143

    CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php.... Read more

    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-2142

    Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.... Read more

    Affected Products : wn-g300r3_firmware wn-g300r3
    • Published: Apr. 28, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 294068 Results