Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.3

    MEDIUM
    CVE-2017-3815

    An API Privilege vulnerability in Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to emulate Cisco TelePresence Server endpoints. Affected Products: This vulnerability affects Cisco TelePresence Server MSE 8710 Processor... Read more

    Affected Products : telepresence_server_software
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-3811

    An XML External Entity vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to have read access to part of the information stored in the affected system. More Information: CSCvc39165. Known Affected Releases: 2.6. Kno... Read more

    Affected Products : webex_meetings_server
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6880

    Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.... Read more

    Affected Products : cerberus_ftp_server
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-6370

    TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network and reading the userident and username fields.... Read more

    Affected Products : typo3
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-7313

    LibTIFF before 4.0.7 allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted tiff file.... Read more

    Affected Products : libtiff
    • Published: Mar. 17, 2017
    • Modified: Aug. 27, 2025

  • 5.5

    MEDIUM
    CVE-2015-4645

    Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows remote attackers to cause a denial of service (application crash) via a crafted input, which triggers a stack-based buffer overflow.... Read more

    Affected Products : fedora squashfs
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-3884

    Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute arbitrary code by uploading a file with an executable e... Read more

    Affected Products : qdpm
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2015-3883

    Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a n... Read more

    Affected Products : qdpm
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2015-3882

    qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message.... Read more

    Affected Products : qdpm
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-3881

    Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.... Read more

    Affected Products : qdpm
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2014-9854

    coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the "identification of image."... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2014-9853

    Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file.... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-9852

    distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors.... Read more

    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2014-8723

    GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message.... Read more

    Affected Products : getsimple_cms
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2014-8722

    GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/<username>.xml, (2) backups/users/<username>.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml.... Read more

    Affected Products : getsimple_cms
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-8708

    Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via the blog form feature.... Read more

    Affected Products : pluck
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2014-8707

    Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option.... Read more

    Affected Products : pluck
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2014-8706

    Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to an array; or (4) changing the image parameter to a strin... Read more

    Affected Products : pluck
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-8705

    PHP remote file inclusion vulnerability in editInplace.php in Wonder CMS 2014 allows remote attackers to execute arbitrary PHP code via a URL in the hook parameter.... Read more

    Affected Products : wondercms
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2014-8704

    Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme.... Read more

    Affected Products : wondercms
    • Published: Mar. 17, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293615 Results