Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.2

    HIGH
    CVE-2016-8769

    Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain el... Read more

    Affected Products : utps_firmware
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 4.3

    MEDIUM
    CVE-2016-8757

    ION memory management module in Huawei P9 phones with software EVA-AL10C00B192 and earlier versions, EVA-DL10C00B192 and earlier versions, EVA-TL10C00B192 and earlier versions, EVA-CL10C00B192 and earlier versions allows attackers to obtain sensitive info... Read more

    Affected Products : p9_firmware p9
    • Published: Apr. 02, 2017
    • Modified: Apr. 20, 2025

  • 5.4

    MEDIUM
    CVE-2016-9733

    IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a... Read more

    • Published: Jul. 05, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-6721

    A vulnerability in the ingress processing of fragmented TCP packets by Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause the WAASNET process to restart unexpectedly, causing a denial of service (DoS) cond... Read more

    Affected Products : wide_area_application_services
    • Published: Jul. 04, 2017
    • Modified: Apr. 20, 2025

  • 6.5

    MEDIUM
    CVE-2017-6704

    A vulnerability in the web application in the Cisco Prime Collaboration Provisioning tool could allow an authenticated, remote attacker to perform arbitrary file downloads that could allow the attacker to read files from the underlying filesystem. More In... Read more

    Affected Products : prime_collaboration_provisioning
    • Published: Jul. 04, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-6701

    A vulnerability in the web application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected sy... Read more

    Affected Products : identity_services_engine
    • Published: Jul. 04, 2017
    • Modified: Apr. 20, 2025

  • 8.1

    HIGH
    CVE-2017-8894

    AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software updates. An attacker can hijack an update via man-in-the-middle in order to execute code in the machine.... Read more

    Affected Products : aeroadmin
    • Published: Jul. 02, 2017
    • Modified: Apr. 20, 2025

  • 7.2

    HIGH
    CVE-2017-10709

    The lockscreen on Elephone P9000 devices (running Android 6.0) allows physically proximate attackers to bypass a wrong-PIN lockout feature by pressing backspace after each PIN guess.... Read more

    Affected Products : android p9000
    • Published: Jun. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.9

    MEDIUM
    CVE-2017-10668

    A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the ... Read more

    Affected Products : osci_transport_library
    • Published: Jun. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-6041

    An Unrestricted Upload issue was discovered in Marel Food Processing Systems M3000 terminal associated with the following systems: A320, A325, A371, A520 Master, A520 Slave, A530, A542, A571, Check Bin Grader, FlowlineQC T376, IPM3 Dual Cam v132, IPM3 Dua... Read more

    • Published: Jun. 30, 2017
    • Modified: Apr. 20, 2025

  • 7.1

    HIGH
    CVE-2017-6038

    A Cross-Site Request Forgery issue was discovered in Belden Hirschmann GECKO Lite Managed switch, Version 2.0.00 and prior versions. The web application does not sufficiently verify that requests were provided by the user who submitted the request.... Read more

    • Published: Jun. 30, 2017
    • Modified: Apr. 20, 2025

  • 5.3

    MEDIUM
    CVE-2017-6032

    A Violation of Secure Design Principles issue was discovered in Schneider Electric Modicon Modbus Protocol. The Modicon Modbus protocol has a session-related weakness making it susceptible to brute-force attacks.... Read more

    Affected Products : modbus_firmware modbus
    • Published: Jun. 30, 2017
    • Modified: Apr. 20, 2025

  • 9.8

    CRITICAL
    CVE-2017-10682

    SQL injection vulnerability in the administrative backend in Piwigo through 2.9.1 allows remote users to execute arbitrary SQL commands via the cat_false or cat_true parameter in the comments or status page to cat_options.php.... Read more

    Affected Products : piwigo
    • Published: Jun. 29, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2017-2851

    In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow.... Read more

    • Published: Jun. 29, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-10667

    In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS.... Read more

    Affected Products : zen_cart
    • Published: Jun. 29, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2017-9990

    Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file.... Read more

    Affected Products : ffmpeg
    • Published: Jun. 28, 2017
    • Modified: Apr. 20, 2025

  • 6.1

    MEDIUM
    CVE-2017-9145

    TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS.... Read more

    Affected Products : tikiwiki_cms\/groupware
    • Published: Jun. 26, 2017
    • Modified: Apr. 20, 2025

  • 7.5

    HIGH
    CVE-2015-7781

    ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions.... Read more

    Affected Products : manageengine_firewall_analyzer
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 7.8

    HIGH
    CVE-2015-1591

    The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.... Read more

    Affected Products : kamailio
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025

  • 8.8

    HIGH
    CVE-2014-8149

    OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated users to write report data to arbitrary files.... Read more

    Affected Products : defense4all
    • Published: Jun. 27, 2017
    • Modified: Apr. 20, 2025
Showing 20 of 292769 Results