Latest CVE Feed
- 6.5 MEDIUM CVE-2016-5321
The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of service (invalid read and crash) via a crafted tiff image.
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 6.5 MEDIUM CVE-2016-5319
Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted bmp file.
- Affected Products: libtiff
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 6.5 MEDIUM CVE-2016-5318
Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remote attackers to crash the application via a crafted tiff.
- Affected Products: libtiff
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 6.5 MEDIUM CVE-2016-5317
Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libtiff 4.0.6 and earlier, as used in GNOME nautilus, allows attackers to cause a denial of service attack (crash) via a crafted TIFF file.
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 6.5 MEDIUM CVE-2016-5316
Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier allows remote attackers to crash the application by sending a crafted TIFF image to the rgb2ycbcr tool.
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 7.5 HIGH CVE-2014-9755
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows remote attackers ...
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 5.9 MEDIUM CVE-2014-9754
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to pe...
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 6.1 MEDIUM CVE-2014-2045
Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the ...
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 9.8 CRITICAL CVE-2017-5543
includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.
- Affected Products: subrion
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 6.1 MEDIUM CVE-2017-5542
Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 5.3 MEDIUM CVE-2017-5541
Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 6.1 MEDIUM CVE-2017-2578
In Moodle 3.x, there is XSS in the assignment submission page.
- Affected Products: moodle
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 5.3 MEDIUM CVE-2017-2576
In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
- Affected Products: moodle
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 5.3 MEDIUM CVE-2016-8644
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.
- Affected Products: moodle
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 4.3 MEDIUM CVE-2016-8643
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
- Affected Products: moodle
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 5.3 MEDIUM CVE-2016-8642
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
- Affected Products: moodle
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 7.3 HIGH CVE-2016-7038
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
- Affected Products: moodle
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 5.8 MEDIUM CVE-2016-5014
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
- Affected Products: moodle
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 5.8 MEDIUM CVE-2016-5013
In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.
- Affected Products: moodle
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025
- 5.3 MEDIUM CVE-2016-5012
In Moodle 3.x, glossary search displays entries without checking user permissions to view them.
- Affected Products: moodle
- Published: Jan. 20, 2017
- Modified: Apr. 20, 2025