Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 10.0

    HIGH
    CVE-2016-10426

    In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 810, SD 820, and SD 820A, a buffer overflow can occur in SafeSwitch.... Read more

    • Published: Apr. 18, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10387

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a handover scenario.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10390

    In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10382

    In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10372

    The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the W... Read more

    Affected Products : d1000_modem_firmware d1000_modem
    • Published: May. 16, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10346

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10347

    In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated.... Read more

    Affected Products : android
    • Published: Aug. 18, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10298

    An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393252.... Read more

    Affected Products : android
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    CRITICAL
    CVE-2020-28628

    Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker ca... Read more

    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10307

    Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and StrataLink 3.0 devices have a built-in, hidden root account, with a default password for which the MD5 hash value is public (but the cleartext value is perhaps not yet public). This acco... Read more

    • Published: Mar. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    CRITICAL
    CVE-2020-28618

    Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker ca... Read more

    • Published: Apr. 18, 2022
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10229

    udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP traffic that triggers an unsafe second checksum calculation during execution of a recv system call with the MSG_PEEK flag.... Read more

    Affected Products : android linux_kernel
    • Published: Apr. 04, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10299

    An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-32577244.... Read more

    Affected Products : android
    • Published: Apr. 04, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2020-24636

    A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and belo... Read more

    • Published: Mar. 29, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-10178

    An issue was discovered on the D-Link DWR-932B router. HELODBG on port 39889 (UDP) launches the "/sbin/telnetd -l /bin/sh" command.... Read more

    Affected Products : dwr-932b_firmware dwr-932b
    • Published: Jan. 30, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10150

    Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev... Read more

    Affected Products : linux_kernel
    • Published: Feb. 06, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-10107

    Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 index.php page via a modified Cookie header.... Read more

    Affected Products : mycloud_nas
    • Published: Jan. 03, 2017
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-10115

    NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attack... Read more

    • Published: Jan. 04, 2017
    • Modified: Apr. 12, 2025

  • 10.0

    HIGH
    CVE-2016-10108

    Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data.... Read more

    Affected Products : mycloud_nas
    • Published: Jan. 03, 2017
    • Modified: Apr. 12, 2025

  • 10.0

    CRITICAL
    CVE-2016-10043

    An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The MSM_MACRO_NAME POST parameter in /swms/ms.cgi was discovered to be vulnerable to OS command injection attacks. It is possible to use the pipe character (|) to inject arbitrary OS commands ... Read more

    Affected Products : web_panel
    • Published: Jan. 31, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 293353 Results