Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-4895

    SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors.... Read more

    Affected Products : setucocms
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-4894

    SetsucoCMS all versions allows remote attackers to cause a denial of service via unspecified vectors.... Read more

    Affected Products : setucocms
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4893

    SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : setucocms
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-4892

    Cross-site scripting vulnerability in SetsucoCMS all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : setucocms
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4891

    Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors.... Read more

    Affected Products : setucocms
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-4337

    SQL injection vulnerability in the mgr.login.php file in Ktools.net Photostore before 4.7.5 allows remote attackers to execute arbitrary SQL commands via the email parameter in a recover_login action.... Read more

    Affected Products : photostore
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-2803

    Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : bugzilla
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-1179

    Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.... Read more

    Affected Products : a-blog_cms
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-1178

    The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors.... Read more

    Affected Products : a-blog_cms
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-7564

    Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (... Read more

    Affected Products : teampass
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-7563

    Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.... Read more

    Affected Products : teampass
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-7562

    Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.... Read more

    Affected Products : teampass
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-6059

    Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request.... Read more

    Affected Products : mod_auth_openidc mod_auth_openidc
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-9959

    game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.... Read more

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-9958

    game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.... Read more

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-9957

    Stack-based buffer overflow in game-music-emu before 0.6.1.... Read more

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6808

    Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42.... Read more

    Affected Products : tomcat_jk_connector
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-4459

    Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9.... Read more

    Affected Products : enterprise_linux mod_cluster
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-8719

    An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be exec... Read more

    Affected Products : awk-3131a_firmware awk-3131a
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-8718

    An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web s... Read more

    Affected Products : awk-3131a_firmware awk-3131a
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293647 Results