Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.6

    HIGH
    CVE-2017-0610

    An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pro... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.19
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-0609

    An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pro... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.19
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-0608

    An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pro... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.19
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2017-0603

    A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: An... Read more

    Affected Products : android
    • EPSS Score: %0.07
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0601

    An Elevation of Privilege vulnerability in Bluetooth could potentially enable a local malicious application to accept harmful files shared via bluetooth without user permission. This issue is rated as Moderate due to local bypass of user interaction requi... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0591

    A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code ... Read more

    Affected Products : android
    • EPSS Score: %0.27
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0590

    A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code... Read more

    Affected Products : android
    • EPSS Score: %0.27
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0493

    An information disclosure vulnerability in File-Based Encryption could enable a local malicious attacker to bypass operating system protections for the lock screen. This issue is rated as Moderate due to the possibility of bypassing the lock screen. Produ... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2016-10287

    An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pro... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.19
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2016-10283

    An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pro... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.20
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2016-10281

    An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged p... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-10276

    An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device co... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-8850

    An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to a lenient updater-script in the OnePlus OTA images, and the fact that both ROMs use the same OTA verification keys, attackers can install HydrogenOS over OxygenOS and vice versa, even... Read more

    • EPSS Score: %0.09
    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8897

    Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector. This UTF8 Converter vulnerability can easily be used to make a m... Read more

    Affected Products : invision_power_board
    • EPSS Score: %0.28
    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-6865

    A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC Automation Tool (All versions < V3.0), SIMATIC NET PC-Software (All versions < V14 SP1), SIMATIC PCS 7 V8.1 (All versions), SIMATIC PCS 7 V8.2 (All versions... Read more

    • EPSS Score: %0.08
    • Published: May. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7886

    Dolibarr ERP/CRM 4.0.4 has SQL Injection in doli/theme/eldy/style.css.php via the lang parameter.... Read more

    Affected Products : dolibarr_erp\/crm
    • EPSS Score: %0.27
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-1103

    IBM Team Concert (RTC) is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all availabl... Read more

    • EPSS Score: %0.38
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-6035

    IBM Rational Quality Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted se... Read more

    • EPSS Score: %0.26
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-8874

    Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic 1.4.1 allow remote attackers to hijack the authentication of users for requests that (1) delete email campaigns or (2) delete contacts.... Read more

    Affected Products : mautic mautic
    • EPSS Score: %0.12
    • Published: May. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7967

    All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the... Read more

    Affected Products : vampset
    • EPSS Score: %0.06
    • Published: May. 09, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292628 Results