Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2016-4893

    SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.... Read more

    Affected Products : setucocms
    • EPSS Score: %0.70
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2017-7588

    On certain Brother devices, authorization is mishandled by including a valid AuthCookie cookie in the HTTP response to a failed login attempt. Affected models are: MFC-J6973CDW MFC-J4420DW MFC-8710DW MFC-J4620DW MFC-L8850CDW MFC-J3720 MFC-J6520DW MFC-L274... Read more

    • EPSS Score: %30.89
    • Published: Apr. 12, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7694

    Remote Code Execution vulnerability in symphony/content/content.blueprintsdatasources.php in Symphony CMS through 2.6.11 allows remote attackers to execute code and get a webshell from the back-end. The attacker must be authenticated and enter PHP code in... Read more

    Affected Products : symphony symphony_cms
    • EPSS Score: %5.78
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7691

    A code injection vulnerability exists in SAP TREX / Business Warehouse Accelerator (BWA). The vendor response is SAP Security Note 2419592.... Read more

    Affected Products : trex
    • EPSS Score: %0.59
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-7621

    Cross Site Scripting Vulnerability in core-eMLi in AuroMeera Technometrix Pvt. Ltd. eMLi V1.0 allows an Attacker to send malicious code, generally in the form of a browser-side script, to a different end user via the page parameter to code/student_portal/... Read more

    Affected Products : emli
    • EPSS Score: %0.24
    • Published: Apr. 11, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-7648

    Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.... Read more

    Affected Products : c1 c1_lite c2 fi9800xe fi9826p fi9828p fi9851p fi9853ep fi9901ep fi9903p +2 more products
    • EPSS Score: %0.62
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7625

    In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.... Read more

    Affected Products : fiyo_cms
    • EPSS Score: %1.46
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7624

    The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.... Read more

    Affected Products : imageworsener imageworsener
    • EPSS Score: %0.24
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-7345

    NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain s... Read more

    • EPSS Score: %0.20
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6878

    The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.... Read more

    Affected Products : botan
    • EPSS Score: %0.40
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10311

    Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.... Read more

    Affected Products : netweaver
    • EPSS Score: %4.07
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2016-10310

    Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times,... Read more

    Affected Products : sql_anywhere
    • EPSS Score: %1.61
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0500

    An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of th... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5682

    Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.... Read more

    Affected Products : swagger-ui
    • EPSS Score: %0.69
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0492

    An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would... Read more

    Affected Products : android
    • EPSS Score: %0.08
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5056

    OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.... Read more

    Affected Products : lightify_pro
    • EPSS Score: %0.18
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-8275

    LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files.... Read more

    Affected Products : edoc-libraries eparakstitajs_3
    • EPSS Score: %0.16
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-6028

    Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.... Read more

    Affected Products : snmpc
    • EPSS Score: %0.21
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-2886

    iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service.... Read more

    • EPSS Score: %0.32
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-0583

    An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privil... Read more

    Affected Products : android linux_kernel
    • EPSS Score: %0.25
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292737 Results