Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.1

    HIGH
    CVE-2017-7648

    Foscam networked devices use the same hardcoded SSL private key across different customers' installations, which allows remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation.... Read more

    Affected Products : c1 c1_lite c2 fi9800xe fi9826p fi9828p fi9851p fi9853ep fi9901ep fi9903p +2 more products
    • EPSS Score: %0.62
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2016-8237

    Remote code execution in Lenovo Updates (not Lenovo System Update) allows man-in-the-middle attackers to execute arbitrary code.... Read more

    Affected Products : updates
    • EPSS Score: %1.22
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7625

    In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.... Read more

    Affected Products : fiyo_cms
    • EPSS Score: %1.46
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7624

    The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.... Read more

    Affected Products : imageworsener imageworsener
    • EPSS Score: %0.24
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-7345

    NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain s... Read more

    • EPSS Score: %0.20
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6878

    The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.... Read more

    Affected Products : botan
    • EPSS Score: %0.40
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10311

    Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.... Read more

    Affected Products : netweaver
    • EPSS Score: %4.07
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2016-10310

    Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times,... Read more

    Affected Products : sql_anywhere
    • EPSS Score: %1.61
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-7826

    botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com.... Read more

    Affected Products : botan
    • EPSS Score: %0.43
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-7824

    botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.... Read more

    Affected Products : botan
    • EPSS Score: %0.24
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-6534

    Opmantek NMIS before 4.3.7c has command injection via man, finger, ping, trace, and nslookup in the tools.pl CGI script. Versions before 8.5.12G might be affected in non-default configurations.... Read more

    • EPSS Score: %3.70
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0500

    An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of th... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5682

    Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.... Read more

    Affected Products : swagger-ui
    • EPSS Score: %0.53
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5075

    CloudView NMS before 2.10a has XSS via a TELNET login.... Read more

    Affected Products : cloudview_nms
    • EPSS Score: %0.30
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5074

    CloudView NMS before 2.10a has a format string issue exploitable over SNMP.... Read more

    Affected Products : cloudview_nms
    • EPSS Score: %0.51
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-5070

    Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext.... Read more

    Affected Products : aleos_firmware gx_440
    • EPSS Score: %0.02
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0492

    An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would... Read more

    Affected Products : android
    • EPSS Score: %0.08
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5056

    OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.... Read more

    Affected Products : lightify_pro
    • EPSS Score: %0.18
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5052

    OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning.... Read more

    Affected Products : lightify_home
    • EPSS Score: %0.45
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4319

    Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings.... Read more

    Affected Products : jira
    • EPSS Score: %0.17
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292238 Results