Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2016-1148

    Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates.... Read more

    Affected Products : akerun
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-0833

    Android allows users to cause a denial of service.... Read more

    Affected Products : android
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7951

    WonderCMS before 2.0.3 has CSRF because of lack of a token in an unspecified context.... Read more

    Affected Products : wondercms
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7409

    Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674.... Read more

    Affected Products : pan-os
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-7220

    OpenText Documentum Content Server allows superuser access via sys_obj_save or save of a crafted object, followed by an unauthorized "UPDATE dm_dbo.dm_user_s SET user_privileges=16" command, aka an "RPC save-commands" attack. NOTE: this vulnerability exis... Read more

    Affected Products : documentum_content_server
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-4075

    Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the displayed URL via a crafted HTML document, related to the about:blank URL.... Read more

    Affected Products : opera_browser opera_mini
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7990

    The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with resultant XSS, in which administrative authentication is hijacked to insert JavaScript into a name field in webapp/reports/manageReports.jsp.... Read more

    Affected Products : openmrs_module_reporting
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-6619

    A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability exists because the affected software does not... Read more

    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-6618

    A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied... Read more

    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-6617

    A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. The v... Read more

    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 9.0

    HIGH
    CVE-2017-6616

    A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability exists because the affected software does not suf... Read more

    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.3

    MEDIUM
    CVE-2017-6615

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when ... Read more

    Affected Products : ios_xe
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-6614

    A vulnerability in the file-download feature of the web user interface for Cisco FindIT Network Probe Software 1.0.0 could allow an authenticated, remote attacker to download and view any system file by using the affected software. The vulnerability is du... Read more

    Affected Products : findit_network_probe
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.8

    MEDIUM
    CVE-2017-6613

    A vulnerability in the DNS input packet processor for Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause the DNS process to momentarily restart, which could lead to a partial denial of service (DoS) condition on the aff... Read more

    Affected Products : prime_network_registrar
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6611

    A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability i... Read more

    Affected Products : prime_infrastructure
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.7

    HIGH
    CVE-2017-6610

    A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of an affected system. The vulnerability is due to insufficient validation of the IKEv1 XAUTH p... Read more

    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 7.7

    HIGH
    CVE-2017-6609

    A vulnerability in the IPsec code of Cisco ASA Software could allow an authenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of malformed IPsec packets. An attacker could exploit this vulnera... Read more

    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.6

    HIGH
    CVE-2017-6608

    A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper parsing of craft... Read more

    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.7

    HIGH
    CVE-2017-6607

    A vulnerability in the DNS code of Cisco ASA Software could allow an unauthenticated, remote attacker to cause an affected device to reload or corrupt the information present in the device's local DNS cache. The vulnerability is due to a flaw in handling ... Read more

    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2017-4969

    The Cloud Controller in Cloud Foundry cf-release versions prior to v255 allows authenticated developer users to exceed memory and disk quotas for tasks.... Read more

    Affected Products : cf-release
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293983 Results