Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.8

    HIGH
    CVE-2016-6546

    The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext.... Read more

    Affected Products : itrackeasy
    • EPSS Score: %0.08
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6545

    Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the... Read more

    Affected Products : itrackeasy itrackeasy
    • EPSS Score: %1.18
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-6544

    getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.... Read more

    Affected Products : itrack_easy itrackeasy
    • EPSS Score: %1.21
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-6543

    A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.... Read more

    Affected Products : itrack_easy itrackeasy
    • EPSS Score: %0.96
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-6542

    The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address.... Read more

    Affected Products : itrackeasy itrackeasy
    • EPSS Score: %0.36
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-6541

    TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vuln... Read more

    Affected Products : trackr_bravo_firmware trackr_bravo
    • EPSS Score: %0.95
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-6540

    Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.... Read more

    Affected Products : trackr_bravo_firmware trackr_bravo
    • EPSS Score: %0.46
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 3.5

    LOW
    CVE-2016-6539

    The Trackr device ID is constructed of a manufacturer identifier of four zeroes followed by the BLE MAC address in reverse. The MAC address can be obtained by being in close proximity to the Bluetooth device, effectively exposing the device ID. The ID can... Read more

    Affected Products : trackr_firmware trackr
    • EPSS Score: %0.16
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-6538

    The TrackR Bravo mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vulnerabilities in ... Read more

    Affected Products : trackr_bravo_firmware trackr_bravo
    • EPSS Score: %0.34
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-6353

    Cloudera Search in CDH before 5.7.0 allows unauthorized document access because Solr Queries by document id can bypass Sentry document-level security via the RealTimeGetHandler.... Read more

    Affected Products : cdh
    • EPSS Score: %0.18
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-6343

    JBoss BPM Suite 6 is vulnerable to a reflected XSS via dashbuilder. Remote attackers can entice authenticated users that have privileges to access dashbuilder (usually admins) to click on links to /dashbuilder/Controller containing malicious scripts. Succ... Read more

    Affected Products : jboss_bpm_suite
    • EPSS Score: %0.38
    • Published: Oct. 31, 2018
    • Modified: Nov. 21, 2024

  • 8.1

    HIGH
    CVE-2016-6328

    A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' privat... Read more

    Affected Products : ubuntu_linux debian_linux libexif
    • EPSS Score: %1.16
    • Published: Oct. 31, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-6272

    XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection... Read more

    Affected Products : mychart
    • EPSS Score: %12.86
    • Published: Feb. 20, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-6217

    Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.... Read more

    Affected Products : linux_kernel puremessage
    • EPSS Score: %0.10
    • Published: Jan. 26, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-6169

    Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentially execute arbitrary code via the Bezier data in a crafte... Read more

    Affected Products : foxit_reader phantompdf
    • EPSS Score: %0.38
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-6168

    Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a crafted PDF file.... Read more

    Affected Products : foxit_reader phantompdf
    • EPSS Score: %0.35
    • Published: Feb. 07, 2018
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-6154

    The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).... Read more

    Affected Products : fireware windows
    • EPSS Score: %0.29
    • Published: Aug. 23, 2019
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2016-5819

    Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editions prior to Version 1.7 allows a reflected cross-site scripting attack which may allow an attacker to execute arbitrary script code in the user’s browser ... Read more

    • EPSS Score: %0.18
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-5800

    A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Designer Version 1.2.8.0.... Read more

    • EPSS Score: %0.36
    • Published: Mar. 21, 2019
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-5724

    Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles.... Read more

    Affected Products : cdh
    • EPSS Score: %0.40
    • Published: Nov. 26, 2019
    • Modified: Nov. 21, 2024
Showing 20 of 291722 Results