Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2017-6127

    Multiple cross-site request forgery (CSRF) vulnerabilities in the access portal on the DIGISOL DG-HR1400 Wireless Router with firmware 1.00.02 allow remote attackers to hijack the authentication of administrators for requests that (1) change the SSID, (2)... Read more

    Affected Products : dg-hr1400_firmware dg-hr1400
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-4057

    The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover the admin user password by sniffing the network.... Read more

    Affected Products : vce_vision_intelligent_operations
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.7

    MEDIUM
    CVE-2015-4056

    The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrative access.... Read more

    Affected Products : vce_vision_intelligent_operations
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-6098

    A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.... Read more

    Affected Products : mail-masta
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-6097

    A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.... Read more

    Affected Products : mail-masta
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-6096

    A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list.... Read more

    Affected Products : mail-masta
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6095

    A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.... Read more

    Affected Products : mail-masta
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-6078

    FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a denial of service (application crash) via a malformed BMP image with a crafted biSize field in the BITMAPINFOHEADER section.... Read more

    Affected Products : maxview
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-6072

    CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via defaultadmin.... Read more

    Affected Products : cms_made_simple form_builder
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-6071

    CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to conduct information-disclosure attacks via exportxml.... Read more

    Affected Products : cms_made_simple form_builder
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6070

    CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows remote attackers to execute PHP code via the cntnt01fbrp_forma_form_template parameter in admin_store_form.... Read more

    Affected Products : cms_made_simple form_builder
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5959

    CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The forgotpassword.php page can be used to acquire a token.... Read more

    Affected Products : genixcms
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-5881

    GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.... Read more

    Affected Products : gom_player
    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-9316

    Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote u... Read more

    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-9315

    Privilege Escalation Vulnerability in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privile... Read more

    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-9314

    Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the... Read more

    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 9.9

    CRITICAL
    CVE-2016-9269

    Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in Trend Micro Interscan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to run arbitrary com... Read more

    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-10227

    Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote attackers to cause a denial of service (CPU consumption) via a flood of ICMPv4 Port Unreachable packets.... Read more

    • Published: Feb. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0038

    gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to ob... Read more

    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-6249

    F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout during user account authentication may log sensitive attributes such as passwords in plaintext to /var/log/restjavad.0.log. It may allow local users to obtain sensitive information by readin... Read more

    • Published: Feb. 20, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293509 Results