Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 8.8

    HIGH
    CVE-2015-7569

    SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.... Read more

    Affected Products : yeager_cms
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 9.3

    HIGH
    CVE-2017-2332

    An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow a malicious, network based, unauthenticated attacker to perform privileged actions to gain complete control o... Read more

    Affected Products : northstar_controller
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.2

    MEDIUM
    CVE-2017-2329

    An insufficient authentication vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, user to execute certain specific unprivileged system files capable of causing... Read more

    Affected Products : northstar_controller
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-8082

    concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which allows remote attackers to disable the entire installation by merely tricking an admin into viewing a malicious page involving the /tools/required/files/importers/imageeditor?fID=1&im... Read more

    Affected Products : concrete_cms concrete5
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.0

    HIGH
    CVE-2015-8109

    Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "t... Read more

    Affected Products : system_update lenovo_system_update
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-1522

    analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read) via a crafted DNP3 packet.... Read more

    Affected Products : bro
    • Published: Apr. 24, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8065

    crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2017-8061

    drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly ... Read more

    Affected Products : linux_kernel
    • Published: Apr. 23, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2016-3067

    Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.... Read more

    Affected Products : cygwin
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-1561

    ExaGrid appliances with firmware before 4.8 P26 have a default SSH public key in the authorized_keys file for root, which allows remote attackers to obtain SSH access by leveraging knowledge of a private key from another installation or a firmware image.... Read more

    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-1519

    The com.softphone.common package in the Grandstream Wave app 1.0.1.26 and earlier for Android does not properly validate SSL certificates, which allows man-in-the-middle attackers to spoof the Grandstream provisioning server via a crafted certificate.... Read more

    Affected Products : wave
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2016-1221

    Jetstar App for iOS before 3.0.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.... Read more

    Affected Products : jetstar
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.8

    MEDIUM
    CVE-2016-1187

    Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 through 3.0.4 does not verify SSL certificates.... Read more

    Affected Products : kunai
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 10.0

    HIGH
    CVE-2016-1558

    Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and earlier, DAP-2360 2.06 and earlier, DAP-2553 H/W ver. B1 3.05 and earlier, DAP-2660 1.11 and earlier, DAP-2690 3.15 and earlier, DAP-2695 1.16 and earlier, DAP-3320 1.00 and earlier, a... Read more

    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2016-1556

    Information disclosure in Netgear WN604 before 3.3.3; WNAP210, WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0; and WND930 before 2.0.11 allows remote attackers to read the wireless WPS PIN or passphrase by visiting unauthenticated webpages.... Read more

    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2016-1194

    Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial of service.... Read more

    Affected Products : garoon
    • Published: Apr. 21, 2017
    • Modified: Apr. 20, 2025

  • 6.3

    MEDIUM
    CVE-2017-6615

    A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS XE 3.16 could allow an authenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to a race condition that could occur when ... Read more

    Affected Products : ios_xe
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-9978

    IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an authenticated attacker to disclose sensitive information. IBM X-Force ID: 120254.... Read more

    Affected Products : curam_social_program_management
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2016-4862

    Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers.... Read more

    Affected Products : cs-cart
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2016-4850

    LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code.... Read more

    Affected Products : line
    • Published: Apr. 20, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292795 Results