Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 9.8

    CRITICAL
    CVE-2017-7625

    In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the content parameter to "/dapur/apps/app_theme/libs/save_file.php" and then execute code.... Read more

    Affected Products : fiyo_cms
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-7624

    The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.... Read more

    Affected Products : imageworsener imageworsener
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-7345

    NetApp OnCommand Performance Manager and OnCommand Unified Manager for Clustered Data ONTAP before 7.1P1 improperly bind the Java Management Extension Remote Method Invocation (aka JMX RMI) service to the network, which allows remote attackers to obtain s... Read more

    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-6878

    The Curve25519 code in botan before 1.11.31, on systems without a native 128-bit integer type, might allow attackers to have unspecified impact via vectors related to undefined behavior, as demonstrated on 32-bit ARM systems compiled by Clang.... Read more

    Affected Products : botan
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-10311

    Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows remote attackers to cause a denial of service () by sending a crafted packet to the SAPSTARTSRV port, aka SAP Security Note 2295238.... Read more

    Affected Products : netweaver
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 4.9

    MEDIUM
    CVE-2016-10310

    Buffer overflow in the MobiLink Synchronization Server component in SAP SQL Anywhere 17 and possibly earlier allows remote authenticated users to cause a denial of service (resource consumption and process crash) by sending a crafted packet several times,... Read more

    Affected Products : sql_anywhere
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0500

    An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of th... Read more

    Affected Products : android
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2016-5682

    Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.... Read more

    Affected Products : swagger-ui
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0492

    An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would... Read more

    Affected Products : android
    • Published: Mar. 08, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-5056

    OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK.... Read more

    Affected Products : lightify_pro
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2015-8275

    LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files.... Read more

    Affected Products : edoc-libraries eparakstitajs_3
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2015-6028

    Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter.... Read more

    Affected Products : snmpc
    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-2886

    iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service.... Read more

    • Published: Apr. 10, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-0583

    An elevation of privilege vulnerability in the Qualcomm CP access driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privil... Read more

    Affected Products : android linux_kernel
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-0572

    An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pro... Read more

    Affected Products : android linux_kernel
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-0568

    An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged pro... Read more

    Affected Products : android linux_kernel
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.6

    HIGH
    CVE-2017-0565

    An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged p... Read more

    Affected Products : android
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0559

    An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Ve... Read more

    Affected Products : android
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-0547

    An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that... Read more

    Affected Products : android
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-0544

    An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4... Read more

    Affected Products : android
    • Published: Apr. 07, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292862 Results