Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether the vulnerability is actively exploited (also known as the CISA KEV list), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 9.8

    CRITICAL
    CVE-2017-5543

    includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote attackers to conduct PHP Object Injection attacks via crafted serialized data in a salt cookie in a login request.

    Affected Products : subrion
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-5542

    Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to inject arbitrary web script or HTML via the existing-folder parameter.

    Affected Products : symphony symphony_cms
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2017-5541

    Directory traversal vulnerability in template/usererror.missing_extension.php in Symphony CMS before 2.6.10 allows remote attackers to rename arbitrary files via a .. (dot dot) in the existing-folder and new-folder parameters.

    Affected Products : symphony symphony_cms
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-2578

    In Moodle 3.x, there is XSS in the assignment submission page.

    Affected Products : moodle
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2017-2576

    In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.

    Affected Products : moodle
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2016-8644

    In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.

    Affected Products : moodle
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025
  • 4.3

    MEDIUM
    CVE-2016-8643

    In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.

    Affected Products : moodle
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2016-8642

    In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.

    Affected Products : moodle
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025
  • 7.3

    HIGH
    CVE-2016-7038

    In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.

    Affected Products : moodle
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025
  • 5.8

    MEDIUM
    CVE-2016-5014

    In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.

    Affected Products : moodle
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025
  • 5.8

    MEDIUM
    CVE-2016-5013

    In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam.

    Affected Products : moodle
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2016-5012

    In Moodle 3.x, glossary search displays entries without checking user permissions to view them.

    Affected Products : moodle
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-10143

    A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to read arbitrary files on a targeted system via a crafted pathname in a banner URL field.

    Affected Products : tikiwiki_cms/groupware
    • Published: Jan. 20, 2017
    • Modified: Apr. 20, 2025
  • 5.9

    MEDIUM
    CVE-2016-5725

    Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.

    Affected Products : windows jsch
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2016-9016

    Firejail 0.9.38.4 allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

    Affected Products : firejail
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2016-7794

    sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository name.

    Affected Products : git-hub
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2016-7793

    sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to execute arbitrary code via a crafted repository URL.

    Affected Products : git-hub
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2016-7545

    SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.

    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025
  • 8.4

    HIGH
    CVE-2016-7543

    Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.

    Affected Products : bash fedora
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025
  • 7.8

    HIGH
    CVE-2016-10075

    The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.

    Affected Products : tqdm
    • Published: Jan. 19, 2017
    • Modified: Apr. 20, 2025