Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2016-2803

    Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML....

    Affected Products : bugzilla
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2016-1179

    Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML....

    Affected Products : a-blog_cms
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2016-1178

    The session management of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to obtain or modify sensitive data via unspecified vectors....

    Affected Products : a-blog_cms
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2015-7564

    Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (...

    Affected Products : teampass
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2015-7563

    Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user....

    Affected Products : teampass
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2015-7562

    Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role....

    Affected Products : teampass
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2017-6059

    Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request....

    Affected Products : mod_auth_openidc mod_auth_openidc
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2016-9959

    game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values....

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2016-9958

    game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations....

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2016-6808

    Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42....

    Affected Products : tomcat_jk_connector
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2016-4459

    Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9....

    Affected Products : enterprise_linux mod_cluster
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-8719

    An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Specially crafted input, in multiple parameters, can cause a malicious scripts to be exec...

    Affected Products : awk-3131a_firmware awk-3131a
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2016-8718

    An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a client into making an unintentional request to the web s...

    Affected Products : awk-3131a_firmware awk-3131a
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-8716

    An exploitable Cleartext Transmission of Password vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. The Change Password functionality of the Web Application transmits the password in cl...

    Affected Products : awk-3131a_firmware awk-3131a
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-7742

    In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with read memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585....

    Affected Products : libsndfile
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-7741

    In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585...

    Affected Products : libsndfile
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 10.0

    CRITICAL
    CVE-2017-7722

    In SolarWinds Log & Event Manager (LEM) before 6.3.1 Hotfix 4, a menu system is encountered when the SSH service is accessed with "cmc" and "password" (the default username and password). By exploiting a vulnerability in the restrictssh feature of the men...

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-7719

    SQL injection in the Spider Event Calendar (aka spider-event-calendar) plugin before 1.5.52 for WordPress is exploitable with the order_by parameter to calendar_functions.php or widget_Theme_functions.php, related to front_end/frontend_functions.php....

    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
  • 5.5

    MEDIUM
    CVE-2017-7716

    The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Web Assembly file....

    Affected Products : radare2
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293961 Results