Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (also known as the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 6.1

    MEDIUM
    CVE-2015-8256

    Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.

    • EPSS Score: 6.91%
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025
  • 3.5

    LOW
    CVE-2016-4874

    Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.

    Affected Products : office
    • EPSS Score: 0.23%
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025
  • 4.3

    MEDIUM
    CVE-2016-4867

    Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to bypass access restriction to view unauthorized project information via the Project function.

    Affected Products : office
    • EPSS Score: 0.22%
    • Published: Apr. 17, 2017
    • Modified: Apr. 20, 2025
  • 7.5

    HIGH
    CVE-2016-10331

    Directory traversal vulnerability in download.php in Synology Photo Station before 6.5.3-3226 allows remote attackers to read arbitrary files via a full pathname in the id parameter.

    Affected Products : photo_station
    • EPSS Score: 0.39%
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025
  • 8.8

    HIGH
    CVE-2017-8930

    Multiple cross-site request forgery (CSRF) vulnerabilities in Simple Invoices 2013.1.beta.8 allow remote attackers to hijack the authentication of admins for requests that can (1) create new administrator user accounts and take over the entire application...

    Affected Products : simple_invoices
    • EPSS Score: 0.12%
    • Published: May. 14, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2017-0593

    An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to obtain access to custom permissions. This issue is rated as High because it is a general bypass for operating system protections that isolate appli...

    Affected Products : android
    • EPSS Score: 0.02%
    • Published: May. 12, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-5655

    In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be stored on disk in temporary files on the Ambari Server host. The temporary files are readable by any user authenticated on the host.

    Affected Products : ambari
    • EPSS Score: 0.15%
    • Published: May. 15, 2017
    • Modified: Apr. 20, 2025
  • 5.9

    MEDIUM
    CVE-2017-9573

    The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app 3.0.1 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

    Affected Products : nasb_mobile_bank
    • EPSS Score: 0.12%
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025
  • 5.9

    MEDIUM
    CVE-2017-9572

    The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

    Affected Products : athens_state_bank_mobile
    • EPSS Score: 0.12%
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025
  • 5.9

    MEDIUM
    CVE-2017-9568

    The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

    Affected Products : financial_plus_mobile_banking
    • EPSS Score: 0.12%
    • Published: Jun. 16, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-9624

    Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data.

    Affected Products : epesi
    • EPSS Score: 0.22%
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025
  • 5.3

    MEDIUM
    CVE-2017-4986

    EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could potentially be exploited by malicious users to compromise the affected system.

    Affected Products : secure_remote_services
    • EPSS Score: 0.42%
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025
  • 6.1

    MEDIUM
    CVE-2017-9464

    An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. The identification.php component is affected by this issue: the "redirect...

    Affected Products : piwigo
    • EPSS Score: 0.19%
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025
  • 6.5

    MEDIUM
    CVE-2017-9463

    The application Piwigo is affected by a SQL injection vulnerability in version 2.9.0 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context of the user used by the application to retrieve data fro...

    Affected Products : piwigo
    • EPSS Score: 0.22%
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025
  • 9.8

    CRITICAL
    CVE-2017-7676

    Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '*' wildcard character - like my*test, test*.txt. This can result in unintended behavior.

    Affected Products : ranger
    • EPSS Score: 0.89%
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025
  • 4.7

    MEDIUM
    CVE-2017-0651

    An information disclosure vulnerability in the kernel ION subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Low because it first requires compromising a privileged process. Product...

    Affected Products : android linux_kernel
    • EPSS Score: 0.22%
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2017-0648

    An elevation of privilege vulnerability in the kernel FIQ debugger could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High due to the possibility of a local permanent device compro...

    Affected Products : android linux_kernel
    • EPSS Score: 0.20%
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025
  • 7.1

    HIGH
    CVE-2017-0642

    A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product:...

    Affected Products : android
    • EPSS Score: 0.19%
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025
  • 7.6

    HIGH
    CVE-2017-0636

    An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privil...

    Affected Products : android
    • EPSS Score: 0.08%
    • Published: Jun. 14, 2017
    • Modified: Apr. 20, 2025
  • 9.3

    HIGH
    CVE-2017-8241

    In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length.

    Affected Products : android
    • EPSS Score: 0.05%
    • Published: Jun. 13, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292048 Results