Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2016-6562

    On iOS and Android devices, the ShoreTel Mobility Client app version 9.1.3.109 fails to properly validate SSL certificates provided by HTTPS connections, which means that an attacker in the position to perform MITM attacks may be able to obtain sensitive ... Read more

    Affected Products : shortel_mobility_client
    • EPSS Score: %0.12
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6559

    Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used b... Read more

    Affected Products : freebsd
    • EPSS Score: %1.05
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6558

    A command injection vulnerability exists in apply.cgi on the ASUS RP-AC52 access point, firmware version 1.0.1.1s and possibly earlier, web interface specifically in the action_script parameter. The action_script parameter specifies a script to be execute... Read more

    • EPSS Score: %4.24
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-6557

    In ASUS RP-AC52 access points with firmware version 1.0.1.1s and possibly earlier, the web interface, the web interface does not sufficiently verify whether a valid request was intentionally provided by the user. An attacker can perform actions with the s... Read more

    • EPSS Score: %0.10
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2016-6556

    OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when ... Read more

    Affected Products : opennms
    • EPSS Score: %0.30
    • Published: Sep. 24, 2021
    • Modified: Nov. 21, 2024

  • 7.1

    HIGH
    CVE-2016-6555

    OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the ... Read more

    Affected Products : opennms
    • EPSS Score: %0.30
    • Published: Sep. 24, 2021
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-6554

    Synology NAS servers DS107, firmware version 3.1-1639 and prior, and DS116, DS213, firmware versions prior to 5.2-5644-1, use non-random default credentials of: guest:(blank) and admin:(blank) . A remote network attacker can gain privileged access to a vu... Read more

    • EPSS Score: %1.83
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-6553

    Nuuo NT-4040 Titan, firmware NT-4040_01.07.0000.0015_1120, uses non-random default credentials of: admin:admin and localdisplay:111111. A remote network attacker can gain privileged access to a vulnerable device.... Read more

    • EPSS Score: %0.65
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-6552

    Green Packet DX-350 uses non-random default credentials of: root:wimax. A remote network attacker can gain privileged access to a vulnerable device.... Read more

    Affected Products : dx-350_firmware dx-350
    • EPSS Score: %0.65
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 10.0

    HIGH
    CVE-2016-6551

    Intellian Satellite TV antennas t-Series and v-Series, firmware version 1.07, uses non-random default credentials of: ftp/ftp or intellian:12345678. A remote network attacker can gain elevated access to a vulnerable device.... Read more

    • EPSS Score: %0.65
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-6549

    The Zizai Tech Nut device allows unauthenticated Bluetooth pairing, which enables unauthenticated connected applications to write data to the device name attribute.... Read more

    Affected Products : nut_mobile
    • EPSS Score: %0.26
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6548

    The Zizai Tech Nut mobile app makes requests via HTTP instead of HTTPS. These requests contain the user's authenticated session token with the URL. An attacker can capture these requests and reuse the session token to gain full access the user's account.... Read more

    Affected Products : nut_mobile
    • EPSS Score: %2.42
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-6547

    The Zizai Tech Nut mobile app stores the account password used to authenticate to the cloud API in cleartext in the cache.db file.... Read more

    Affected Products : nut_mobile
    • EPSS Score: %0.08
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2016-6546

    The iTrack Easy mobile application stores the account password used to authenticate to the cloud API in base64-encoding in the cache.db file. The base64 encoding format is considered equivalent to cleartext.... Read more

    Affected Products : itrackeasy
    • EPSS Score: %0.08
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2016-6545

    Session cookies are not used for maintaining valid sessions in iTrack Easy. The user's password is passed as a POST parameter over HTTPS using a base64 encoded passwd field on every request. In this implementation, sessions can only be terminated when the... Read more

    Affected Products : itrackeasy itrackeasy
    • EPSS Score: %1.18
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2016-6544

    getgps data in iTrack Easy can be modified without authentication by setting the data using the parametercmd:setothergps. This vulnerability can be exploited to alter the GPS data of a lost device.... Read more

    Affected Products : itrack_easy itrackeasy
    • EPSS Score: %1.21
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 5.9

    MEDIUM
    CVE-2016-6543

    A captured MAC/device ID of an iTrack Easy can be registered under multiple user accounts allowing access to getgps GPS data, which can allow unauthenticated parties to track the device.... Read more

    Affected Products : itrack_easy itrackeasy
    • EPSS Score: %0.96
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2016-6542

    The iTrack device tracking ID number, also called "LosserID" in the web API, can be obtained by being in the range of an iTrack device. The tracker ID is the device's BLE MAC address.... Read more

    Affected Products : itrackeasy itrackeasy
    • EPSS Score: %0.36
    • Published: Jul. 13, 2018
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2016-6541

    TrackR Bravo device allows unauthenticated pairing, which enables unauthenticated connected applications to write to various device attributes. Updated apps, version 5.1.6 for iOS and 2.2.5 for Android, have been released by the vendor to address the vuln... Read more

    Affected Products : trackr_bravo_firmware trackr_bravo
    • EPSS Score: %0.95
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2016-6540

    Unauthenticated access to the cloud-based service maintained by TrackR Bravo is allowed for querying or sending GPS data for any Trackr device by using the tracker ID number which can be discovered as described in CVE-2016-6539. Updated apps, version 5.1.... Read more

    Affected Products : trackr_bravo_firmware trackr_bravo
    • EPSS Score: %0.46
    • Published: Jul. 06, 2018
    • Modified: Nov. 21, 2024
Showing 20 of 291750 Results