Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.4

    HIGH
    CVE-2016-8495

    An improper certificate validation vulnerability in Fortinet FortiManager 5.0.6 through 5.2.7 and 5.4.0 through 5.4.1 allows remote attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack via the Fortisandbox devices probing feature.... Read more

    Affected Products : fortimanager_firmware fortimanager
    • Published: Feb. 13, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5964

    An issue was discovered in Emoncms through 9.8.0. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "emoncms-master/Modules/vis/visualisations/compare.php" URL. An attacker could ex... Read more

    Affected Products : emoncms emoncms
    • Published: Feb. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5963

    An issue was discovered in caddy (for TYPO3) before 7.2.10. The vulnerability exists due to insufficient filtration of user-supplied data in the "paymillToken" HTTP POST parameter passed to the "caddy/Resources/Public/JavaScript/e-payment/paymill/api/php/... Read more

    Affected Products : typo3 caddy
    • Published: Feb. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5962

    An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "force_ua" HTTP GET parameter passed to the "/contexts_wurfl/Library/wurfl-dbapi-1.4.4.0/check_wurfl.p... Read more

    Affected Products : typo3 contexts_wurfl
    • Published: Feb. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5961

    An issue was discovered in ionize through 1.0.8. The vulnerability exists due to insufficient filtration of user-supplied data in the "path" HTTP GET parameter passed to the "ionize-master/themes/admin/javascript/tinymce/jscripts/tiny_mce/plugins/codemirr... Read more

    Affected Products : ionize
    • Published: Feb. 12, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5960

    An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL... Read more

    Affected Products : phalconeye
    • Published: Feb. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-3302

    Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x before 5.7.5 and MariaDB through 5.5.54, 10.0.x through 10.0.29, 10.1.x through 10.1.21, and 10.2.x through 10.2.3.... Read more

    • Published: Feb. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-8713

    A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10.5.9.9. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a... Read more

    Affected Products : nitro_pdf_pro
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-8711

    A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to t... Read more

    Affected Products : nitro_pdf_pro
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-8709

    A remote out of bound write / memory corruption vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a speci... Read more

    Affected Products : nitro_pdf_pro
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5954

    An issue was discovered in the serialize-to-js package 0.5.0 for Node.js. Untrusted data passed into the deserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expres... Read more

    Affected Products : serialize-to-js
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-5953

    vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.... Read more

    Affected Products : vim
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5945

    An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET parameter passed to the "filter_poodll_moodle32_2016112802/pood... Read more

    Affected Products : moodle-filter_poodll
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-5942

    An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail.... Read more

    Affected Products : wp_mail
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-10216

    An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The vulnerability exists due to insufficient filtration of user-supplied data in the "value" HTTP POST parameter passed to the "itdb-1.23/js/DataTables-1.8.2/examples/examples_support/edita... Read more

    Affected Products : it_items_database
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-10215

    An issue was discovered in Fastspot BigTree bigtree-form-builder before 1.2. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP POST parameters passed to a "site/index.php/../../extensions/com.fastspot.form-buil... Read more

    Affected Products : bigtree-form-builder
    • Published: Feb. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-5858

    An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks.... Read more

    Affected Products : converse.js
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-5606

    An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks.... Read more

    Affected Products : xabber
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-5605

    An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks.... Read more

    Affected Products : movim
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-5604

    An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks.... Read more

    Affected Products : mcabber
    • Published: Feb. 09, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293508 Results