Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 5.0

    MEDIUM
    CVE-2015-2253

    The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.... Read more

    • EPSS Score: %0.08
    • Published: Jun. 08, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2015-7346

    SQL injection vulnerability in ZCMS 1.1.... Read more

    Affected Products : zcms
    • EPSS Score: %4.15
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2014-9983

    Directory Traversal exists in RAR 4.x and 5.x because an unpack operation follows any symlinks, including symlinks contained in the archive. This allows remote attackers to write to arbitrary files via a crafted archive.... Read more

    Affected Products : rar
    • EPSS Score: %0.26
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-7966

    A DLL Hijacking vulnerability in the programming software in Schneider Electric's SoMachine HVAC v2.1.0 allows a remote attacker to execute arbitrary code on the targeted system. The vulnerability exists due to the improper loading of a DLL.... Read more

    Affected Products : somachine
    • EPSS Score: %0.98
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 3.3

    LOW
    CVE-2017-1125

    IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a URL which could confirm the existence of and expose postial contents of a file. IBM X-Force ID: 121340.... Read more

    • EPSS Score: %0.05
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2016-5959

    IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-For... Read more

    • EPSS Score: %0.22
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-7312

    An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).... Read more

    Affected Products : personify360
    • EPSS Score: %8.33
    • Published: Jun. 07, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-0768

    PostgreSQL PL/Java after 9.0 does not honor access controls on large objects.... Read more

    Affected Products : postgresql
    • EPSS Score: %0.24
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9420

    Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter.... Read more

    Affected Products : spiffy_calendar
    • EPSS Score: %0.41
    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-8083

    CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 do not use the CloseMnf protection mechanism for write protection of flash memory regions, which allows local users to install a firmware rootkit by leveraging administrative privileges... Read more

    • EPSS Score: %0.04
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2015-9005

    In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2014-9951

    In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist.... Read more

    Affected Products : android
    • EPSS Score: %0.06
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2014-9929

    In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist.... Read more

    Affected Products : android
    • EPSS Score: %0.04
    • Published: Jun. 06, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-8838

    XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.... Read more

    • EPSS Score: %2.05
    • Published: Jun. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.5

    MEDIUM
    CVE-2017-3740

    In Lenovo Active Protection System before 1.82.0.14, an attacker with local privileges could send commands to the system's embedded controller, which could cause a denial of service attack on the system or the ability to alter hardware functionality.... Read more

    Affected Products : active_protection_system
    • EPSS Score: %0.04
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-8231

    In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate.... Read more

    Affected Products : lenovo_service_bridge
    • EPSS Score: %0.10
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2016-8228

    In Lenovo Service Bridge before version 4, a user with local privileges on a system could execute code with administrative privileges.... Read more

    Affected Products : lenovo_service_bridge
    • EPSS Score: %0.04
    • Published: Jun. 04, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9380

    OpenEMR 5.0.0 and prior allows low-privilege users to upload files of dangerous types which can result in arbitrary code execution within the context of the vulnerable application.... Read more

    Affected Products : openemr
    • EPSS Score: %0.55
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-9378

    BigTree CMS through 4.2.18 does not prevent a user from deleting their own account. This could have security relevance because deletion was supposed to be an admin-only action, and the admin may have other tasks (such as data backups) to complete before a... Read more

    Affected Products : bigtree_cms
    • EPSS Score: %0.12
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9361

    WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php.... Read more

    Affected Products : websitebaker
    • EPSS Score: %0.24
    • Published: Jun. 02, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292720 Results